[2019.04.20] Kagomoku #19 Single Sign-On! - I don't really understand authentication, so I tried various things♪
by
KUSOKAMAYAROU
Slide 1
Slide 1 text
I don't really understand authentication, so I tried various things♪ Kagomoku #19 Single Sign-On! Genba Support Co., Ltd. Yukihiro Uekama 2019.04.20
Slide 2
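Slide 2 text
Self-introduction • Yukihiro Uekama • @kusokamayarou • From / based in: Makurazaki City, Kagoshima Prefecture • Moved back from Tokyo in 2012 (a "U-turn") into my current job. Teleworking since 2018. • JAWS-UG Kagoshima core member since 2018. • Likes: family, hot springs, reading manga, cooking, etc.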
Slide 3
Slide 3 text
Contents 1. First of all… 2. What is authentication? 3. Trying SAML with OpenAM and cybozu.com 4. Trying SAML with python (pysaml2) and cybozu.com 5. Trying Amazon Cognito User Pool from JavaScript 6. Trying Amazon Cognito User Pool from iOS 7. Summary
Slide 4
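Slide 4 text
First of all…
Slide 5
Slide 5 text
Let me apologize in advance!!
Slide 6
Slide 6 text
I tried various things, but…
Slide 7
Slide 7 text
When it comes to authentication, I'm not very confident…
Slide 8
Slide 8 text
After all, I still don't really get it!!
Slide 9
Slide 9 text
So if I've got something wrong, I'm sorry
Slide 10
Slide 10 text
What is authentication?
Slide 11
Slide 11 text
Please Google it!!
Slide 12
Slide 12 text
That would be the end of it right there, wouldn't it!! (manga panel: "Give My Regards to Black Jack", Shuho Sato)
Slide 13
Slide 13 text
…but I can't really leave it at that, so…
Slide 14
Slide 14 text
A quick word on what I'll be talking about today… • SAML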
Slide 15
Slide 15 text
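SAML (Security Assertion Markup Language) • IdP (Identity Provider) • The side that provides authentication information • In OpenID terms, the OP (OpenID Provider) • SP (Service Provider) • The side that uses authentication information • In OpenID terms, the RP (Relying Party) • Federation • …union, alliance, federation, association, league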
Slide 16
Slide 16 text
[Diagram: SAML ① (IdP, SP and federation). Labels: Federation, SP, IdP, "Check cookie", "Authentication OK"]
Slide 17
Slide 17 text
[Diagram: SAML ② (IdP, SP and federation). Labels: Federation, SP, IdP, "Check cookie", "Authentication NG", "Authentication OK", "Service", "ID, email address"]
Slide 18
Slide 18 text
[Diagram: SAML ③ (IdP, SP and federation). Labels: Federation, SP, IdP, "Check cookie", "Authentication NG", "Authentication OK", "Service", "ID, email address"]
Slide 19
Slide 19 text
Trying SAML with OpenAM and cybozu.com
Slide 20
Slide 20 text
OpenAM @ ForgeRock • OpenAM - Wikipedia • What is OpenAM? - Qiita • ForgeRock Backstage • Can act as both IdP and SP.
Slide 21
Slide 21 text
cybozu.com @ Cybozu • About Cybozu's cloud services - cybozu.com • Configuring SAML authentication - cybozu.com Help • Cybozu, Inc. • SP only.
Slide 22
Slide 22 text
[Diagram: SAML ④ (OpenAM - cybozu.com). Labels: Federation, SP, IdP]
Slide 23
Slide 23 text
Trying SAML with OpenAM and cybozu.com • Installing OpenAM on Amazon Linux - Qiita • Checking SAML authentication between OpenAM and cybozu.com - Qiita
Slide 24
Slide 24 text
Trying SAML with python (pysaml2) and cybozu.com
Slide 25
Slide 25 text
pysaml2 @ IdentityPython • IdentityPython/pysaml2: Python implementation of SAML2 • Can act as both IdP and SP.
Slide 26
Slide 26 text
[Diagram: SAML ⑤ (OpenAM - pysaml2). Labels: Federation, SP, IdP, pysaml2]
Slide 27
Slide 27 text
Trying SAML with python (pysaml2) and cybozu.com • Checking cybozu.com SAML authentication from python (pysaml2) - Qiita
Slide 28
Slide 28 text
Trying Amazon Cognito User Pool from JavaScript
Slide 29
Slide 29 text
Amazon Cognito User Pool @ AWS • Amazon Cognito user pools - Amazon Cognito • AWS Black Belt Online Seminar 2017 Amazon Cognito • AWS Black Belt Online Seminar 2016 Amazon Cognito • AWS Black Belt Online Seminar 2015 Amazon Cognito • Looking into AWS Cognito - Qiita • SP only.
Slide 30
Slide 30 text
[Diagram: Amazon Cognito User Pool (Javascript). Labels: Federation, SP, IdP, Amazon Cognito User Pool (authentication), Amazon Cognito Identity Pool (authorization), various AWS resources, external ID providers]
Slide 31
Slide 31 text
Trying Amazon Cognito User Pool from JavaScript • Using Amazon Cognito UserPools from JavaScript - Qiita
Slide 32
Slide 32 text
Trying Amazon Cognito User Pool from iOS
Slide 33
Slide 33 text
[Diagram: Amazon Cognito User Pool (iOS). Labels: Federation, SP, IdP, Amazon Cognito User Pool (authentication), Amazon Cognito Identity Pool (authorization), various AWS resources, external ID providers]
Slide 34
Slide 34 text
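Trying Amazon Cognito User Pool from iOS • Using Amazon Cognito UserPools from iOS - Qiita
Slide 35
Slide 35 text
Summary
Slide 36
Slide 36 text
Summary ① • As I wrote at the start, authentication really is hard…. • I looked into and tried various things too, but understanding it down to the fine details is…. • Still, as an engineer, I think getting hands-on is the best way. • With OSS such as OpenAM and pysaml2, which I introduced today, I think it's good that you can check the token exchange and the protocol flow by debugging.
Slide 37
Slide 37 text
Summary ② • That said, if you are developing a product, I personally think it's better to use a public cloud such as AWS or GCP than to use OSS or build from scratch. • Reduced development and operations cost, scaling, use and assurance in large services, handling of email and SMS, TFA and so on; I think it also fits well with mobile apps. • In particular, if you already store your information and resources in a public cloud, I feel it's better to use it. • But if you lack the know-how, there may well be a fair number of places where you get stuck….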
Slide 38
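Slide 38 text
Announcements
Slide 39
Slide 39 text
Genba Support • Website - Genba Support Co., Ltd. • Facebook - Genba Support Co., Ltd. - Home • Please follow us. • Website - Genba Cloud Conne • "Making teamwork in the construction industry stronger. And smoother." • We are rolling out a new business communication service for the construction industry. • Your support and cooperation would be much appreciated.
Slide 40
Slide 40 text
Communities • JAWS-UG Kagoshima • JAWS-UG Kagoshima | Doorkeeper, Facebook - AWS User Group - Kagoshima • CoderDojo Kagoshima • CoderDojo Kagoshima - connpass, Facebook - CoderDojo Kagoshima • These communities hold events regularly♪ • If your schedule allows, please feel free to join.
Slide 41
Slide 41 text
kusokamayarou • kusokamayarou - facebook • kusokamayarou | Twitter • kusokamayarou - Qiita • kusokamayarou - GitHub • Blog of an IT-engineer-ish person who works for a company in Kagoshima City and teleworks from Makurazaki | Hatena Blog • I post about community matters, technical tips and so on. • If you come across them, I'd be happy if you thought, "Ah, that guy wrote this."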
Slide 42
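Slide 42 text
Finally
Slide 43
Slide 43 text
I am very grateful to have been given the opportunity to speak in this format. To …-san first and foremost, everyone in the community, everyone at TUKUDDO, my colleagues at the company, and all the participants who came today: thank you very much.
Slide 44
Slide 44 text
Thank you very much for your kind attention
Slide 45
Slide 45 text
Clap clap, clap clap, clap~ The end♪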