
[2019.04.20] Kagomoku #19: Single Sign-On! - I didn't really understand authentication, so I tried various things♪


Installing OpenAM on Amazon Linux - Qiita
https://qiita.com/kusokamayarou/items/3ed839a7e51b8137b87a

Checking SAML authentication between OpenAM and cybozu.com - Qiita
https://qiita.com/kusokamayarou/items/94df119cd5e821c8876f

Checking cybozu.com SAML authentication from python (pysaml2) - Qiita
https://qiita.com/kusokamayarou/items/9689ab6e2629f02a9124

Using Amazon Cognito UserPools from JavaScript - Qiita
https://qiita.com/kusokamayarou/items/60bcf9d16ce0df93b0ea

Using Amazon Cognito UserPools from iOS - Qiita
https://qiita.com/kusokamayarou/items/b829d261b5e23bb1fc5f


KUSOKAMAYAROU

April 20, 2019

Transcript

  1. I didn't really understand authentication, so I tried various things♪ Kagomoku #19: Single Sign-On! 株式会社現場サポート (Genba Support) / @kusokamayarou / 2019.04.20

  2. About me • @kusokamayarou • From / based in: … City, Kagoshima Prefecture • Moved back from Tokyo in 2012 (U-turn) for my current job; teleworking since 2018. • Core member of JAWS-UG Kagoshima since 2018. • Likes: family, hot springs, reading manga, cooking, and so on.

  3. Agenda 1. First of all… 2. What is authentication? 3. Trying SAML with OpenAM and cybozu.com 4. Trying SAML with python (pysaml2) and cybozu.com 5. Trying Amazon Cognito User Pool from JavaScript 6. Trying Amazon Cognito User Pool from iOS 7. Summary

  4. First of all…

  5. Let me apologize in advance!!

  6. I tried a lot of things, but…

  7. I'm not very confident about authentication…

  8. I still don't really get it!!

  9. So if I've got something wrong, I'm sorry.

  10. What is authentication?

  11. Just google it!!

  12. "Then the talk would end right here!!" (panel from "Black Jack ni Yoroshiku" by 佐藤秀峰 / Shuho Sato)

  13. …but I can't leave it at that, so…

  14. Briefly, about what I'll be talking about today… • SAML

  15. SAML (Security Assertion Markup Language) • IdP (Identity Provider) • The side that provides the authentication information • In OpenID terms: OP (OpenID Provider) • SP (Service Provider) • The side that consumes the authentication information • In OpenID terms: RP (Relying Party) • Federation • …dictionary senses: union, alliance, federal government, federation of associations, league

  16. [Sequence diagram] SAML ① (IdP, SP and federation). Labels: IdP; check cookie; authentication OK

  17. [Sequence diagram] SAML ② (IdP, SP and federation). Labels: IdP; check cookie; authentication NG; authentication OK; login (ID, …)

  18. [Sequence diagram] SAML ③ (IdP, SP and federation). Labels: IdP; check cookie; authentication NG; authentication NG; authentication OK; check cookie; authentication OK; login (ID, …)
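The three SAML sequence diagrams above survive only as labels (cookie check at the SP, cookie check at the IdP, authentication NG/OK, login). The following is an added example, not code from the deck or from OpenAM/pysaml2: a toy Python model of that SP-initiated Web Browser SSO flow with both sides' messages, a shared "browser" cookie jar, and the checks an SP has to perform before trusting an assertion. Everything in it is an assumption for illustration: the entity IDs, the user store, dict messages in place of XML, and an HMAC-SHA256 over canonical JSON standing in for the XML-DSig signature a real IdP produces with its X.509 key pair.

```python
import hashlib, hmac, json, secrets, time

# Assumed names. A real IdP signs with an X.509 key pair and the SP verifies
# with the certificate from the IdP's metadata; the HMAC key only stands in.
IDP_ENTITY_ID = "https://idp.example.test/saml/metadata"
IDP_SIGNING_KEY = b"demo-idp-signing-key"
USERS = {"alice": "correct horse battery"}  # constructed IdP user store


def sign_assertion(assertion):
    # HMAC-SHA256 over canonical JSON, standing in for XML-DSig.
    body = json.dumps(assertion, sort_keys=True).encode()
    return hmac.new(IDP_SIGNING_KEY, body, hashlib.sha256).hexdigest()


class IdP:
    # Checks its own cookie; if there is none, asks for ID and password.
    def __init__(self):
        self.sessions = {}  # idp_session cookie value -> user id

    def handle_authn_request(self, request, cookies, credentials=None):
        user = self.sessions.get(cookies.get("idp_session"))
        if user is None:  # IdP cookie check NG: show the login form
            if credentials is None:
                return {"status": "login_required"}
            if USERS.get(credentials[0]) != credentials[1]:
                return {"status": "login_failed"}
            user = credentials[0]
            cookies["idp_session"] = secrets.token_hex(16)
            self.sessions[cookies["idp_session"]] = user
        assertion = {  # authentication OK: issue an assertion for this SP
            "issuer": IDP_ENTITY_ID,
            "audience": request["issuer"],
            "subject": user,
            "in_response_to": request["id"],
            "not_on_or_after": time.time() + 300,
        }
        return {"status": "ok", "assertion": assertion,
                "signature": sign_assertion(assertion)}


class SP:
    # Checks its own cookie; if there is none, starts SAML SSO at the IdP.
    def __init__(self, idp, entity_id):
        self.idp, self.entity_id = idp, entity_id
        self.cookie_name = "sp_session@" + entity_id  # cookies are per site
        self.sessions = {}    # cookie value -> user id
        self.pending = set()  # AuthnRequest IDs issued and not yet consumed
        self.last_response = None

    def access(self, cookies, credentials=None):
        user = self.sessions.get(cookies.get(self.cookie_name))
        if user is not None:  # SP cookie check OK: no trip to the IdP
            return {"status": "ok", "user": user, "via": "sp_cookie"}
        request = {"id": "_" + secrets.token_hex(16), "issuer": self.entity_id}
        self.pending.add(request["id"])
        # The browser would be redirected here; the shared `cookies` dict
        # plays the browser carrying both sites' cookies.
        response = self.idp.handle_authn_request(request, cookies, credentials)
        if response["status"] != "ok":
            return response
        self.last_response = response
        ok, reason = self.validate_response(response)
        if not ok:
            return {"status": "rejected", "reason": reason}
        user = response["assertion"]["subject"]
        cookies[self.cookie_name] = secrets.token_hex(16)
        self.sessions[cookies[self.cookie_name]] = user
        return {"status": "ok", "user": user, "via": "saml_assertion"}

    def validate_response(self, response):
        # What an SP must check before trusting an assertion.
        a = response["assertion"]
        if not hmac.compare_digest(response["signature"], sign_assertion(a)):
            return False, "bad signature"
        if a["issuer"] != IDP_ENTITY_ID:
            return False, "unexpected issuer"
        if a["audience"] != self.entity_id:
            return False, "audience mismatch"
        if a["not_on_or_after"] <= time.time():
            return False, "assertion expired"
        if a["in_response_to"] not in self.pending:
            return False, "unsolicited or replayed response"
        self.pending.discard(a["in_response_to"])  # one-time use
        return True, ""


def run_flow():
    # One browser, two SPs federated to the same IdP; returns what happened.
    idp = IdP()
    sp1 = SP(idp, "https://sp1.example.test/saml/metadata")
    sp2 = SP(idp, "https://sp2.example.test/saml/metadata")
    browser = {}  # the browser's cookie jar
    steps = [
        sp1.access(browser)["status"],                                   # login_required
        sp1.access(browser, ("alice", "wrong"))["status"],               # login_failed
        sp1.access(browser, ("alice", "correct horse battery"))["via"],  # saml_assertion
        sp1.access(browser)["via"],                                      # sp_cookie
        sp2.access(browser)["via"],   # IdP cookie satisfies SP2: SSO, no password asked
        sp1.validate_response(sp1.last_response)[1],                     # replay rejected
    ]
    tampered = {**sp1.last_response,
                "assertion": {**sp1.last_response["assertion"], "subject": "mallory"}}
    steps.append(sp1.validate_response(tampered)[1])                     # bad signature
    return steps
```

`run_flow()` walks one browser through exactly the diagrams: the first visit to SP1 fails both cookie checks and ends at the IdP login form; after a successful login SP1 gets an assertion and sets its own cookie; the visit to SP2 needs no password because the IdP's cookie already satisfies it, which is the federation/SSO point of slide 18. The last two steps show why `InResponseTo` and signature checks matter: replaying the response or editing the subject is rejected.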
  19. Trying SAML with OpenAM and cybozu.com

  20. OpenAM @ ForgeRock • OpenAM - Wikipedia • What is OpenAM? - Qiita • ForgeRock Backstage • Can act as both IdP and SP. •

  21. cybozu.com @ Cybozu • About Cybozu's cloud services: cybozu.com • Configuring SAML authentication - cybozu.com help • Cybozu, Inc. (サイボウズ株式会社) • SP only. •

  22. [Sequence diagram] SAML ④ (OpenAM - cybozu.com). Labels: IdP

  23. Trying SAML with OpenAM and cybozu.com • Installing OpenAM on Amazon Linux - Qiita • Checking SAML authentication between OpenAM and cybozu.com - Qiita •

  24. Trying SAML with python (pysaml2) and cybozu.com

  25. pysaml2 @ IdentityPython • IdentityPython/pysaml2: Python implementation of SAML2 • Can act as both IdP and SP. •

  26. [Sequence diagram] SAML ⑤ (OpenAM - pysaml2). Labels: IdP; pysaml2

  27. Trying SAML with python (pysaml2) and cybozu.com • Checking cybozu.com SAML authentication from python (pysaml2) - Qiita •
  28. Trying Amazon Cognito User Pool from JavaScript

  29. Amazon Cognito User Pool @ AWS • Amazon Cognito user pools - Amazon Cognito • AWS Black Belt Online Seminar 2017 Amazon Cognito • AWS Black Belt Online Seminar 2016 Amazon Cognito • AWS Black Belt Online Seminar 2015 Amazon Cognito • Looking into AWS Cognito - Qiita • SP only.

  30. [Diagram] Amazon Cognito User Pool (JavaScript). Labels: IdP; Amazon Cognito User Pool: authentication; Amazon Cognito Identity Pool: authorization; ※ various AWS resources; ※ external identity providers

  31. Trying Amazon Cognito User Pool from JavaScript • Using Amazon Cognito UserPools from JavaScript - Qiita •

  32. Trying Amazon Cognito User Pool from iOS

  33. [Diagram] Amazon Cognito User Pool (iOS). Labels: IdP; Amazon Cognito User Pool: authentication; Amazon Cognito Identity Pool: authorization; ※ various AWS resources; ※ external identity providers

  34. Trying Amazon Cognito User Pool from iOS • Using Amazon Cognito UserPools from iOS - Qiita •
  35. Summary

  36. Summary ① • As I wrote at the start, authentication really is hard… • I looked into a lot of things and tried a lot of things, but understanding it down to the fine details is… • Still, like a proper engineer, I think hands-on work is the best way. • OSS such as the OpenAM and pysaml2 I introduced today is nice in that you can follow the token exchange and the protocol flow in a debugger.

  37. Summary ② • That said, if you are building a product, my personal opinion is that using a public cloud such as AWS or GCP is better than using OSS or building it in-house from scratch. • Lower development and operations cost, scaling, proven use by big services, handling of e-mail and SMS, TFA and so on; they seem to fit mobile apps well. • Especially if you already keep your various information resources in a public cloud, I feel you should use it. • But without the know-how, there are probably quite a few places to get stuck…
  38. Announcements

  39. 現場サポート (Genba Support) • HP - 株式会社現場サポート • Facebook - (株)現場サポート - Home • Please follow us. • HP - 現場クラウド Conne (コンネ) • "Stronger, smoother teamwork for the construction industry." • We are rolling out a new business communication service for the construction industry • We would appreciate your support and cooperation.

  40. Communities • JAWS-UG Kagoshima • JAWS-UG Kagoshima | Doorkeeper, Facebook - AWS User Group - Kagoshima • CoderDojo Kagoshima • CoderDojo Kagoshima - connpass, Facebook - CoderDojo Kagoshima • The communities above hold events regularly♪ • If it suits your schedule, please feel free to join.

  41. kusokamayarou • kusokamayarou - facebook • kusokamayarou | Twitter • kusokamayarou - Qiita • kusokamayarou - GitHub • Blog of an IT-engineer-ish guy who works for a company in Kagoshima City and teleworks from … | Hatena Blog • I post about community matters, technical tips and the like. • If you come across them, I'd be happy if you think "oh, that's the guy who wrote this".

  42. Finally

  43. I am truly grateful to have been given the opportunity to speak in this way. To …-san and everyone from かごべん (Kagoben), everyone from TUKUDDO, my colleagues, and all of today's attendees: thank you very much.

  44. Thank you very much for listening.

  45. (clap clap, clap clap, clap~) The end♪