Upgrade to Pro — share decks privately, control downloads, hide ads and more …

cybozu.comの認証 / cybozu.com authentication

8c33442d7da8e76c8159952897ec1710?s=47 mwatanabe
December 14, 2016
Technology
0
1k

cybozu.comの認証 / cybozu.com authentication

cybozu tech conference 2016 (https://cybozutech2016.qloba.com/) での発表資料です。

8c33442d7da8e76c8159952897ec1710?s=128

mwatanabe

December 14, 2016
Tweet

More Decks by mwatanabe

See All by mwatanabe
Elasticsearch5.0.0で再インデクシングの高速化を探究した話
8c33442d7da8e76c8159952897ec1710?s=48 mwatanabe
2
800

Other Decks in Technology

See All in Technology
Target SDK Versionを上げない Notification runtime permission対応
0c5e92294cc0cfba620641c589db9378?s=48 napplecomputer
0
140
Scrum Fest Osaka 2022 フルリモート下でのチームビルディング
478bd912a17b65fa0ab8c1d81912b9b1?s=48 moritamasami
2
1.2k
JJUG2022_spring_Keycloak (Red Hat Single Sign-on)
6aab1831cbfef013b122d4cdb3c6680f?s=48 tinoue
0
200
越境チャレンジの現在地 〜Epic大臣制度の今〜
Dd5c63951803a69272ac7a6aaa59401d?s=48 yousak
0
930
Security Hub のマルチアカウント 管理・運用をサーバレスでやってみる
640727b1a8120669de9b6d7f1d469893?s=48 ch6noota
0
840
The application of formal methods in Kafka reliability engineering
A3966f193f4bef226a0d3e3c1f728d7f?s=48 line_developers
PRO
1
180
複数のスクラムチームをサポートするエンジニアリングマネジメントの話
4bddf664b03da8ad6b8d61660dcdc682?s=48 okeicalm
0
1.1k
Custom GitHub Actions by Java
E68f2e8b47dc1769380a1fa8181df3dd?s=48 kazamori
0
290
Camp Digital 2022: tailored advice
8fadc4cc83e533c19a6d13db9d46cb3e?s=48 kyliehavelock
0
150
Implementing Kubernetes operators in Java with Micronaut - TechWeek Java Summit 2022
6ff7b4622483547899dd09918d83732e?s=48 alvarosanchez
0
120
eBPF for Security Observability
676c8aec28ade455c442e648abfa1db5?s=48 lizrice
0
170
SwiftUI Layout
0863933c047ef45d283fe4e1d26bbddc?s=48 auramagi
1
110

Featured

See All Featured
Fantastic passwords and where to find them - at NoRuKo
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
27
1.5k
Raft: Consensus for Rubyists
B6a8f005f39d23ffc930508ac9da68b9?s=48 vanstee
126
5.4k
Ruby is Unlike a Banana
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
91
9.2k
Learning to Love Humans: Emotional Interface Design
5f50f94346fbcb23706f0707169317a4?s=48 aarron
261
37k
Three Pipe Problems
11c84dff30266b907714802088852677?s=48 jasonvnalue
89
8.7k
Scaling GitHub
78b475797a14c84799063c7cd073962f?s=48 holman
451
140k
Teambox: Starting and Learning
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
123
7.7k
Optimizing for Happiness
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
365
63k
The World Runs on Bad Software
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
57
5.3k
How GitHub (no longer) Works
78b475797a14c84799063c7cd073962f?s=48 holman
296
140k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
88f4e84b94fe07cddbd9e6479d689192?s=48 soudai
39
13k
Helping Users Find Their Own Way: Creating Modern Search Experiences
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
7
1.1k

Transcript

  1. cybozu.comͷೝূ աڈɺݱࡏɺະདྷ ΞϓϦέʔγϣϯج൫νʔϜɹ౉ล ੓ٛ Cybozu Tech Conference 2016

  2. ࣗݾ঺հ • ౉ล ੓ٛʢΘͨͳ΂·͞Α͠ʣ • ΞϓϦέʔγϣϯج൫νʔϜ
 ϛυϧ΢ΣΞ͔ΒϑϩϯτΤϯυ·Ͱ • 2010೥ೖࣾ •

    ʹΘ͔ւ֎αοΧʔϑΝϯͰ͢ 

  3. ࠓ೔࿩͢͜ͱ • cybozu.comͷϩάΠϯػೳ • ෳ਺ϓϩμΫτؒͰͷೝূ৘ใͷڞ༗ • cybozu.comͷγϯάϧαΠϯΦϯ • ࠓޙͷ՝୊ͱເͷ͋Δະདྷͷ࿩ 

  4. cybozu.com • B2BΫϥ΢υαʔϏε • ̍ςφϯτ̍αϒυϝΠϯʢςφϯτ㲈ձࣾʣ • ̍ςφϯτ಺ʹෳ਺ͷϓϩμΫτ • ϩάΠϯը໘͸̍ςφϯτʹ͚̍ͭͩ 

  5. αϒυϝΠϯͰςφϯτΛ෼͚Δ 

  6. ̍ςφϯτෳ਺ϓϩμΫτ  corpA.cybozu.com

  7. cybozu.comڞ௨؅ཧ  corpA.cybozu.com

  8. cybozu.comͷϩάΠϯ

  9. None

  10. cybozu.comͷϩάΠϯ • Α͋͘Δύεϫʔυೝূ • αϒυϝΠϯදࣔͰςφϯτΛࣝผՄೳ • ಛʹ೉͍͜͠ͱ͸ͯ͠ͳ͍ • ͨͩ͠ϩάΠϯͷηΩϡϦςΟઃఆ͸ෳࡶ 

  11. ෳࡶͳϩάΠϯͷઃఆ • ೖྗิॿ • ύεϫʔυϙϦγʔ • ΞΧ΢ϯτϩοΫΞ΢τ • ηογϣϯ༗ޮظݶ •

    SAML • ϩάΠϯࣦഊ࣌ͷϝοηʔδ 

  12. ͳͥෳࡶͳͷ͔ • ΦϯϓϨϛεϓϩμΫτͷػೳΛ࠶ݱ • ͍Ζ͍ΖͳاۀͷηΩϡϦςΟཁ݅ʹରԠ
 ྫ)؅ཧऀͱҰൠϢʔβʔͰҟͳΔύεϫʔυͷ࠷খจࣈ਺ • ϒϥ΢βͷਐԽʹ൐͍ෆཁʹͳΓͭͭ͋Δ߲ ໨΋࢒͍ͬͯΔ =>

    ఆظతͳ͓૟আ͕ඞཁ
 ྫ)ϒϥ΢βͷύεϫʔυϚωʔδϟΛ੍ޚ͢Δઃఆ 

  13. ෳ਺ϓϩμΫτؒͷ ೝূ৘ใͷڞ༗

  14. ೝূ৘ใͷڞ༗ʁ • ڞ௨؅ཧͷϩάΠϯը໘ͰϩάΠϯͨ͠Β
 ͢΂ͯͷϓϩμΫτʹΞΫηεՄೳʹ͢Δ͜ͱ • ڞ௨؅ཧ͔ΒϩάΞ΢τͨ͠Β
 ͢΂ͯͷϓϩμΫτ͔ΒϩάΞ΢τ͞ΕΔ͜ͱ 

  15. ݹͷ࣌୅

  16. ݹͷ࣌୅ 

  17. ݹͷ࣌୅ • ϒϥ΢βͰͷϩάΠϯը໘͸ڞ௨؅ཧͷ΋ͷ͚ͩ • ΦϯϓϨϛε࣌୅ΛҾ͖ͣΓɺϓϩμΫτຖʹηογϣϯ؅ ཧʢෳ਺ͷηογϣϯΫοΩʔʣ • ΦϨΦϨೝূ࿈ܞΫοΩʔͰϓϩμΫτؒSSO • ϓϩμΫτͷಠࣗΫϥΠΞϯτʢϞόΠϧͳͲʣ͸ͦΕͧΕ

    Ͱೝূ • ϩάΞ΢τ͸ϩάΞ΢τ༻ͷ࿈ܞΫοΩʔΛు͘ 

  18. ͭΒ͍ɻɻ • ΫοΩʔͰϩάΞ΢τ͢Δʹ͸ɺ͢΂ͯͷϓϩμΫτʹϦΫΤε τඈ͹͞ͳ͍ͱ͍͚ͳ͍ • ϦΫΤετඈ͹ͳ͔ͬͨϓϩμΫτ͸ϩάΠϯঢ়ଶ͕ҡ࣋͞ΕΔ • ΦϨΦϨΫοΩʔ͸ϫϯλΠϜͰ͸ͳ͍ͷͰԿճͰ΋࢖͑Δ
 ʢ༗ޮظݶ͸͋Δʣ •

    ೝূܦ࿏͕ͨ͘͞Μ͋ΔͷͰηογϣϯ؅ཧ͕Ή͍ͣ
 ʢϢʔβʔʹඥͮ͘શηογϣϯ࡟আͱ͔ʣ 

  19. ݱ୅

  20. ݱ୅ 

  21. ݱ୅ • ηογϣϯΫοΩʔΛ̍ͭʹ౷Ұʢڞ௨ηογϣϯʣ • ೝূ৘ใΛJSONͰKVSʹอଘͯ͠ϓϩμΫτͱڞ༗ • ڞ௨ηογϣϯͷσʔλΛมߋͰ͖Δͷ͸ڞ௨؅ཧ͚ͩ • ϓϩμΫτ͸ڞ௨ηογϣϯʹඥ͍ͮͨಠࣗηογϣϯͷσʔ λΛ؅ཧ͢Δ

    • ϓϩμΫτͷΤϯυϙΠϯτͰϩάΠϯ͕ඞཁͳ৔߹ʢϞό ΠϧΞϓϦͳͲʣ͸ɺڞ௨؅ཧͷϩάΠϯAPIʹసૹ͢Δ 

  22. ϩάΠϯॲཧͷ౷ҰʹΑΓηογϣϯ؅ ཧ΋Մೳʹ 

  23. cybozu.comͷSSO

  24. γϯάϧαΠϯΦϯ • ҰճͷϩάΠϯ͚ͩͰෳ਺ͷαʔϏεΛ࢖͑Δ • ϩάΠϯ໊ͱύεϫʔυ͸Ұ͚֮ͭͩ͑Ε͹ྑ͍ • ଞͷαʔϏεͱcybozu.com͕SSOͰ͖Ε͹خ͍͠ • ଞͷαʔϏεͱܨ͕ΔSSOͷͨΊʹඪ४࢓༷ (SAML)Λcybozu.comʹ࣮૷ͨ͠

    

  25. ͍Ζ͍Ζܨ͕Δ • New Relic • Jenkins • Artifactory • Redash


    ʢྡͷ੮ͷਓ͕SAMLपΓͷPR౤͛ͯͨʣ • etc… 

  26. SAML

  27. SAML • OASIS͕ࡦఆͨ͠ೝূ࿈ܞͷͨΊͷ࢓༷ • Ϣʔβʔ͸ೝূαʔόʔʢIdentity Provider = IdPʣʹϩάΠϯ͢Δ͚ͩͰOK • Active

    Directory Federation Services(ADFS)ΛSAML IdPͱͯ͠࢖͑Δ • ϒϥ΢βΛܦ༝͢Δʢϓϩτίϧ΋͋ΔʣͷͰcybozu.comͱADFS͸௚઀௨ ৴Ͱ͖ͳͯ͘΋ྑ͍ • ڵຯ͕͋Δํ͸ͪ͜Β΋Ͳ͏ͧ
 ʮSAMLೝূ͕Ͱ͖Δ·Ͱʯhttp://blog.cybozu.io/entry/4224 

  28. SAML ϑϩʔ 1.Ϣʔβ͕cybozu.comʹΞΫηε͢Δ 2.cybozu.com͕SAMLϦΫΤετΛੜ੒͢Δ 3.Ϣʔβ͕cybozu.com͔ΒSAMLϦΫΤετΛ ड͚औΔ 4.IdP͕ϢʔβΛೝূ͢Δ 5.IdP͕SAMLϨεϙϯεΛੜ੒͢Δ 6.Ϣʔβ͕IdP͔ΒSAMLϨεϙϯεΛड͚औΔ 7.cybozu.com͕SAMLϨεϙϯεΛड͚औΓݕ

    ূ͢Δ 8.SAMLϨεϙϯεͷ಺༰ʹ໰୊͕ͳ͍৔߹͸ Ϣʔβʔ͕cybozu.comʹϩάΠϯͨ͠ঢ়ଶʹ ͳΔ  https://help.cybozu.com/ja/general/admin/saml_settings.html ΑΓҾ༻

  29. ೝূαʔόʔ(IdP)͕ඞཁ • େ͖ͳاۀͰ͋Ε͹ADFS͕͋Δ৔߹΋͋Δ͕ɺ SAMLͷͨΊʹADFSΛಋೖ͢Δͷ͸ॏ͍ɻ • ͓खܰʹ΍ΔͳΒIDaaSΛ࢖͏ͷ͕ྑͦ͞͏ɻ
 (Okta, OneLogin, Azure ADͳͲ)

    

  30. SAML·ͱΊ • SSOʹ࢖͑Δඪ४࢓༷ • ϒϥ΢βΛܦ༝͢ΔͷͰɺೝূαʔόʔͱαʔϏ ε͸௚઀௨৴Ͱ͖ͳͯ͘΋ྑ͍ • ೝূαʔόʔΛཱͯΔͷ͸େมͳͷͰɺIDaaS͔Β ࢝ΊΔͷ͕ྑ͛͞ •

    ΤϯδχΞ͕޷͖ͳπʔϧ΋͍Ζ͍Ζܨ͕Δ 

  31. ࠓޙͷ՝୊ ※࣮૷ͷ༧ఆ͸ະఆͰ͢ʂ

  32. ࠓޙͷ՝୊ • REST APIͷೝূํ͕ࣜಠࣗ࢓༷ͳͷͰ࿈ܞ͕ ೉͍͠ • ೋཁૉೝূͷબ୒ࢶ͕গͳ͍ 

  33. REST APIͷೝূํࣜ • cybozu.comʹ͸REST API͕͋Δ • ೝূ͸ಠࣗͷHTTPϔομʔ • Ϣʔβʔ໊ͱύεϫʔυΛΤϯίʔυ͠ͳ͍ ͱ͍͚ͳ͍

    • OAuthͳͲͷඪ४తͳ࢓༷ΛऔΓೖΕ͍ͨ 

  34. ೋཁૉೝূ • cybozu.comͰ͸ೋཁૉೝূͱͯ͠ΫϥΠΞϯτূ໌ॻ͕͋Δ ͕ɺIPΞυϨε੍ݶΛಥഁ͢ΔͨΊͷཁૉͱͯ͠࢖͏ • ΫϥΠΞϯτূ໌ॻΛWebView͔Β࢖͏ͷ͸Ή͍ͣ
 ʢϞόΠϧΤϯδχΞஊʣ • TOTPʢGoogle Authenticatorతͳ΍ͭʣͳͲͷɺΑ͋͘Δೋ

    ཁૉೝূͷબ୒ࢶ΋͋ͬͯྑ͍ͷͰ͸ • FIDO U2F(ޙड़)ରԠͷυϯάϧ(yubikeyͳͲ)΋໘നͦ͏ 

  35. ເͷ͋Δະདྷͷ࿩

  36. ເͷ͋Δະདྷͷ࿩ • ਓྨ͸ύεϫʔυೝূʹർฐ͍ͯ͠Δ • ύεϫʔυແ͠Ͱೝূͯ͘͠Ε·ͤΜ͔ • FIDO͕͋Δ΍ͳ͍͔ʂ 

  37. FIDO

  38. FIDO Alliance • ύεϫʔυҎ֎ͷೝূͷ࢓༷Λࡦఆ͍ͯ͠Δ • UAFʢύεϫʔυϨεೝূʣͱU2Fʢೋཁૉೝ ূʣͷ࢓༷Λެ։ • ̎ͭͷ࢓༷Λ·ͱΊͯFIDO2.0ͱ͠ɺͦΕΛجʹ ʮWeb

    Authenticationʯͱͯ͠W3CͰ࢓༷ࡦఆத 
 https://www.w3.org/TR/webauthn/ 

  39. Web Authentication • W3Cͷυϥϑτ • ϒϥ΢βͷରԠঢ়گ͸·ͩ·ͩͰϓϩμΫτಋೖ͸ະདྷͷ࿩͕ͩɻɻ • Windows HelloʢWindowsͷੜମೝূʣରԠ୺຤ͷEdge͔Β͓ࢼ͠ Ͱ͖Δʂ

    • ͭ·Γ͸Edge͔ΒੜମೝূͷػೳΛࢼͤΔͱ͍͏͜ͱ • Web authentication and Windows Hello
 https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/device/web-authentication/ 

  40. Windows Hello 

  41. Χοͱͳͬͯϓϩτ࣮૷ͨ͠ • Surface Pro4 • إೝূͰWindows HelloΛ࢖͑Δ • cybozu.comʹإೝূͰϩάΠϯͩʂ •

    σϞ͠·͢
 1. windows helloͷإೝূઃఆ
 2. cybozu.comʹೝূσόΠεΛొ࿥
 3. cybozu.comʹإೝূͰϩάΠϯ 

  42. ·ͱΊ • cybozu.comͷೝূपΓΛͬ͘͟Γ࿩ͨ͠ • B2BͰ͸͍Ζ͍ΖͳηΩϡϦςΟཁ͕݅͋Δ • ΦϯϓϨϛεͷ࢓༷ΛҾ͖ͣΓ͗͢Δͱ௧͍໨ΛݟΔ • ϩάΠϯॲཧ͸ҰՕॴʹ·ͱΊΔͱ֦ு͕༰қ •

    Ϋϥ΢υͷ͓खܰͳSSOʹ͸IDaaS͕ྑͦ͞͏ • FIDO͸ະདྷײ͋Δ • Զͨͪͷઓ͍͸͜Ε͔Βͩ 

  43. ͓͠·͍