Slide 1
Slide 1 text
ೝূΑ͘Θ͔ͬͯͳ͍͔Βɺ
৭ʑࢼͯ͠Έͨ̇
͔͘͝ #19 γϯάϧαΠϯΦϯ!
גࣜձࣾ ݱαϙʔτ
্佂 େ
2019.04.20
Slide 2
Slide 2 text
ࣗݾհ
• ্佂 େ (řŚŜŵ ŻŝűƁ)
• @kusokamayarou
• ग़ / ॴࡏɿࣛࣇౡݝປ࡚ࢢ
• 2012ʹ౦ژ͔Β̪λʔϯͰݱ৬ɻ2018͔ΒςϨϫʔΫɻ
• 2018͔ΒɺJAWS-UG ࣛࣇౡ ίΞϝϯόʔɻ
• ͖ͳ͜ͱɿՈɾԹઘɾອըΛಡΉ͜ͱɾྉཧͳͲ
Slide 3
Slide 3 text
࣍
1. ·ͣɺ࠷ॳʹ…
2. ೝূͬͯԿʁ
3. OpenAM ͱ cybozu.com Ͱ SAML Λࢼ͢
4. python (pysaml2) ͱ cybozu.com Ͱ SAML Λࢼ͢
5. JavaScript Ͱ Amazon Cognito User Pool Λࢼ͢
6. iOS Ͱ Amazon Cognito User Pool Λࢼ͢
7. ·ͱΊ
Slide 4
Slide 4 text
·ͣɺ࠷ॳʹ…
Slide 5
Slide 5 text
ઌʹँ͓͖ͬͯ·͢!!
Slide 6
Slide 6 text
৭ʑࢼ͠·͕ͨ͠…
Slide 7
Slide 7 text
ೝূͷ͜ͱɺ
͋Μ·Γࣗ৴ͳ͍…
Slide 8
Slide 8 text
ͬͺΓ
Α͘Θ͔Μͳ͍!!
Slide 9
Slide 9 text
ͳͷͰ
ؒҧͬͯͨΒ
͝ΊΜͳ͍͞
Slide 10
Slide 10 text
ೝূͬͯԿʁ
Slide 11
Slide 11 text
άάͬͯԼ͍͞!!
Slide 12
Slide 12 text
ͦ
Ε
͡
Ό
͕
ऴ
Θ
ͬ
ͪ
Ό
͏
ϒϥοΫδϟοΫʹΑΖ͘͠
ࠤ౻लๆ
Ͱ
͠
ΐ
͏
͕
ᴺ
ο
Slide 13
Slide 13 text
ͱ͍͏༁ʹ
͍͔ͳ͍ͷͰ
…
Slide 14
Slide 14 text
ࠓ͓͢Δ͜ͱʹؔͯ͠ɺ
؆୯ʹ…
• SAML
Slide 15
Slide 15 text
SAML
(Security Assertion Markup Language)
• IdP (Identity Provider)
• ೝূใΛఏڙ͢Δଆ
• OpenIDͩͱɺOP (OpenID Provider)
• SP (Service Provider)
• ೝূใΛར༻͢Δଆ
• OpenIDͩͱɺRP (Relying Party)
• ϑΣσϨʔγϣϯ (Federation)
• …࿈߹ɺಉໍɺ࿈ɺ࿈߹߹ձɺ࿈ໍ
Slide 16
Slide 16 text
ŲŐũƄƀŖŢŔƃ
SAMLᶃ
(IdP ͱ SP ͱ ϑΣσϨʔγϣϯ)
41 *E1
$PPLJFΛ֬ೝ
ೝূ0,
Slide 17
Slide 17 text
ŲŐũƄƀŖŢŔƃ
SAMLᶄ
(IdP ͱ SP ͱ ϑΣσϨʔγϣϯ)
41 *E1
$PPLJFΛ֬ೝ
ೝূ/(
ೝূ0,
ɾšŖűƄţ
ɾ*% ŸŖſŗŪƄƀţ
Slide 18
Slide 18 text
ŲŐũƄƀŖŢŔƃ
SAMLᶅ
(IdP ͱ SP ͱ ϑΣσϨʔγϣϯ)
41 *E1
$PPLJFΛ֬ೝ
ೝূ/(
ೝূ/(
ೝূ0,
$PPLJFΛ֬ೝ
ೝূ0,
ɾšŖűƄţ
ɾ*% ŸŖſŗŪƄƀţ
Slide 19
Slide 19 text
OpenAM ͱ
cybozu.com Ͱ
SAML Λࢼ͢
Slide 20
Slide 20 text
OpenAM
@ ForgeRock
• OpenAM - Wikipedia
• OpenAMͬͯͳʹʁ - Qiita
• ForgeRock Backstage
• Idp SP Մɻ
•
Slide 21
Slide 21 text
cybozu.com
@ αΠϘζ
• αΠϘζͷΫϥυαʔϏεʹ͍ͭͯɹ
cybozu.com
• SAMLೝূͷઃఆ - cybozu.com ϔϧϓ
• αΠϘζגࣜձࣾ
• SP ͷΈɻ
•
Slide 22
Slide 22 text
ŲŐũƄƀŖŢŔƃ
SAMLᶆ
(OpenAM - cybozu.com)
41 *E1
Slide 23
Slide 23 text
OpenAM ͱ cybozu.com Ͱ
SAML Λࢼ͢
• Amazon Linux ʹ OpenAM ΛΠϯετʔ
ϧͯ͠ΈΔ - Qiita
• OpenAM ͱ cybozu.com ͷ SAML ೝূΛ
֬ೝͯ͠ΈΔ - Qiita
•
Slide 24
Slide 24 text
python (pysaml2) ͱ
cybozu.com Ͱ
SAML Λࢼ͢
Slide 25
Slide 25 text
pysaml2
@ IdentityPython
• IdentityPython/pysaml2: Python
implementation of SAML2
• Idp SP Մɻ
•
Slide 26
Slide 26 text
ŲŐũƄƀŖŢŔƃ
SAMLᶇ
(OpenAM - pysaml2)
41 *E1
QZTBNM
Slide 27
Slide 27 text
python (pysaml2) ͱ cybozu.com Ͱ
SAML Λࢼ͢
• python (pysaml2) ͔Β cybozu.com
ͷ SAML ೝূΛ֬ೝͯ͠ΈΔ - Qiita
•
Slide 28
Slide 28 text
JavaScript Ͱ
Amazon Cognito
User Pool
Λࢼ͢
Slide 29
Slide 29 text
Amazon Cognito User Pool
@ AWS
• Amazon Cognito Ϣʔβʔϓʔϧ - Amazon Cognito
• AWS Black Belt Online Seminar 2017 Amazon Cognito
• AWS Black Belt Online Seminar 2016 Amazon Cognito
• AWS Black Belt Online Seminar 2015 Amazon Cognito
• AWS Cognitoʹ͍ͭͯௐͯΈͨ - Qiita
• SP ͷΈɻ
Slide 30
Slide 30 text
ŲŐũƄƀŖŢŔƃ
Amazon Cognito User Pool
(Javascript)
41 *E1
"NB[PO$PHOJUP
6TFS1PPM
ɾೝূػೳ
"NB[PO$PHOJUP
*EFOUJUZ1PPM
ɾೝՄػೳ
˞֤छ"84Ϧιʔε
˞֎෦*%ϓϩόΠμ
Slide 31
Slide 31 text
JavaScript Ͱ
Amazon Cognito User Pool Λࢼ͢
• Amazon Cognito UserPools Λ
JavaScript ͔ΒͬͯΈΔ - Qiita
•
Slide 32
Slide 32 text
iOS Ͱ
Amazon Cognito
User Pool
Λࢼ͢
Slide 33
Slide 33 text
ŲŐũƄƀŖŢŔƃ
Amazon Cognito User Pool
(iOS)
41 *E1
"NB[PO$PHOJUP
6TFS1PPM
ɾೝূػೳ
"NB[PO$PHOJUP
*EFOUJUZ1PPM
ɾೝՄػೳ
˞֤छ"84Ϧιʔε
˞֎෦*%ϓϩόΠμ
Slide 34
Slide 34 text
iOS Ͱ
Amazon Cognito User Pool Λࢼ͢
• Amazon Cognito UserPools
Λ iOS ͔ΒͬͯΈΔ - Qiita
•
Slide 35
Slide 35 text
·ͱΊ
Slide 36
Slide 36 text
·ͱΊᶃ
• ಄ʹॻ͖·͕ͨ͠ɺೝূͬͺΓ͍͠Ͱ͢…ɻ
• ࢲ৭ʑௐͨΓɺࢼͨ͠Γ͠·͕ͨ͠…ɺͳ͔ͳ͔ࡉ͔͍ͱ͜
Ζ·Ͱཧղ͢Δͷ…ɻ
• ͨͩɺΓΤϯδχΞΒ͘͠ɺखΛಈ͔͢ͷ͕Ұ൪ͩͱࢥ͍·
͢ɻ
• ࠓճ͝հͨ͠ɺOpenAM pysaml2 ͳͲͷ OSS ɺσόοά
ͰτʔΫϯͷΓऔΓϓϩτίϧͷྲྀΕΛ֬ೝͰ͖ͯྑ͍Μ
͡Όͳ͍͔ͱࢥ͍·͢ɻ
Slide 37
Slide 37 text
·ͱΊᶄ
• ͨͩɺϓϩμΫτΛ։ൃ͢ΔͷͰ͋ΕɺOSS Λར༻ͨ͠Γɺθϩ͔Β͢
ΔΑΓɺAWS GCP ͳͲͷύϒϦοΫΫϥυΛར༻͢Δํ͕ྑ͍Μ͡Ό
ͳ͍͔ɺͱݸਓతʹࢥ͍ͬͯ·͢ɻ
• ։ൃɾӡ༻ͷίετݮɺεέʔϦϯάɺϏοάαʔϏεͰͷར༻อূɺϝʔ
ϧSMSͷऔΓѻ͍ɺTFAͳͲɺϞόΠϧΞϓϦͱͷ૬ੑ͕ྑ͍༷ʹࢥ͍·
͢ɻ
• ಛʹɺ֤छใϦιʔεΛύϒϦοΫΫϥυʹ֨ೲ͍ͯ͠ΔͷͰ͋Εɺར
༻ͨ͠ํ͕ྑ͍ؾ͕͠·͢ɻ
• Ͱɺϊϋແ͔ͬͨΓ͢Δͱɺ৭ʑϋϚΔ໘ͦΕͳΓʹ͋Δ͔…ɻ
Slide 38
Slide 38 text
͓Βͤ
Slide 39
Slide 39 text
ݱαϙʔτ
• HP - גࣜձࣾݱαϙʔτ
• Facebook - ʢגʣݱαϙʔτ - ϗʔϜ
• ϑΥϩʔ͓ئ͍͠·͢ɻ
• HP - ݱΫϥυ Conne ʢίϯωʣ
• ʮݐઃۀͷνʔϜϫʔΫΛΑΓڧ͘ɻΑΓεϜʔζʹɻʯ
• ৽͘͠ݐઃۀք͚ͷۀίϛϡχέʔγϣϯαʔϏεΛల։͓ͯ͠Γ·͢
• Ԡԉɾ͝ڠྗͷఔɺΑΖ͓͘͠ئ͍͠·͢ɻ
Slide 40
Slide 40 text
ίϛϡχςΟ
• JAWS-UG ࣛࣇౡ
• JAWS-UGࣛࣇౡ | Doorkeeper ɺFacebook - AWS User Group - ࣛࣇౡ
• CoderDojo ࣛࣇౡ
• CoderDojoࣛࣇౡ - connpass ɺFacebook - CoderDojo ࣛࣇౡ
• ্هίϛϡχςΠʹͯఆظతʹΠϕϯτΛ։࠵͓ͯ͠Γ·̇͢
• ͝߹ΑΖ͚͠Εɺ͓ؾܰʹ͝ࢀՃ͍ͩ͘͞ɻ
Slide 41
Slide 41 text
kusokamayarou
• kusokamayarou - facebook
• kusokamayarou | Twitter
• kusokamayarou - Qiita
• kusokamayarou - GitHub
• ࣛࣇౡࢢͷاۀʹۈΊͯɺປ࡚ͰςϨϫʔΫͯ͠Δ IT ΤϯδχΞͬΆ͍ਓͷϒ
ϩά | ͯͳϒϩά
• ίϛϡχςΟʹؔ͢Δ͜ͱٕज़తͳ Tips ͳͲߘͨ͠Γͯ͠·͢ɻ
• ݟ͔͚ͨΒɺʮΞΠπ͕ॻ͍ͯΜͩͳʯͱࢥ͚ͬͯΔͱخ͍͠Ͱ͢ɻ
Slide 42
Slide 42 text
࠷ޙʹ
Slide 43
Slide 43 text
ࠓճ͜ͷ༷ͳܗͰ͓͢ΔػձΛ͚ͨ͜
ͱɺඇৗʹ͋Γ͕ͨ͘ࢥ͓ͬͯΓ·͢ɻ
͞ΜΛ͡Ίɺ͔͝Μ ŠŶœŬũŎͷํʑ
TUKUDDO ͷํʑ
ฐࣾͷϝϯό
ͦͯ͠ɺࠓ͓ӽ͍ͨ͠ࢀՃऀͷօ༷
Ͳ͏͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ
Slide 44
Slide 44 text
͝੩ௌ
Ͳ͏͋Γ͕ͱ͏
͍͟͝·ͨ͠
Slide 45
Slide 45 text
ύνύν
ύνύν
ύνʙ
ऴΘΓ̇