
CAS Single Sign On naito@math.nagoya-u.ac.jp naito@math.nagoya-u.ac.jp, Aug. 19, 2005 NII p. 1/32

Plan of Talk CAS CAS 2 CAS Single Sign On CAS CAS 2 CAS

CAS & CAS 2 CAS Yale Open Source software Authentication JA-SIG Official Project Authorization (CAS 2 ) Single Sign On

CAS 2 https://mynu.jp/ http://tomcat.math.nagoya-u.ac.jp/test/ Single Sign On.

CAS (CAS 2 ) Server (including CAS client) (over Tomcat) Directory Server (example ) Ticket Granting Cookie () Service Ticket (ST)

CAS (CAS 2 ) Login &ST ST ST One Time Ticket ST Authentication, ST Authorization ST Validation Application Timeout Session Timeout Logout

CAS (1: Login (1))
1. Access to https://afqdn/a.html

CAS (1: Login (2))
2. Redirect to https://cas/login&service=https://afqdn/a.html
[Diagram labels: Login Window]

CAS (1: Login (3))
3. Input UserID & Password with service https://afqdn/a.html
[Diagram labels: Service Authorization, Authentication, Login Window]

CAS (1: Login (4))
4. Send Ticket Granting Cookie to Browser
[Diagram labels: AA Results, ST]

CAS (1: Login (5))
5. Redirect to https://afqdn/a.html&ticket=st-xxx
[Diagram labels: ST, AA results]

CAS (1: Login (6))
6. Verify Service Ticket
[Diagram labels: Authorization, ST]

CAS (1: Login (7))
7. Receive verify result from CAS server
[Diagram labels: AA, Authorization Result]

CAS (1: Login (8))
8. Receive Data from Application Server

CAS ( ) Login JavaScript/HTTP redirection visible Login Window

CAS (2: Verify Ticket) Login ST Authorization Service Class count down timer ST Timeout Login redirection Authorization ST

CAS (2: Verify Ticket (0))
[Diagram labels: ST]

CAS (2: Verify Ticket (1))
1. Access to https://afqdn/a.html&ticket=st-xxxxx
[Diagram labels: ST]

CAS (2: Verify Ticket (2))
2. Verify ticket=st-xxxxx with service=https://afqdn/a.html
[Diagram labels: Service Authorization, ST]

CAS (2: Verify Ticket (3))
3. Get authorization results and user information
[Diagram labels: Authorization, Authorization results]

CAS (2: Verify Ticket (4))
4. Reply from
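The ticket checks named in the Login and Verify Ticket slides above (one-time ST, ST timeout, validation of the ticket against the service URL), as an added Python example that is not from the slides or from the CAS code base. The in-memory `ToyCasServer`, the 10-second lifetime, the user `alice` and the second service `https://bfqdn/b.html` are assumptions made for illustration.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

ST_LIFETIME = 10.0  # seconds; assumed value, the slides only say the ST times out

class ToyCasServer:
    """Hypothetical in-memory stand-in for the CAS server's ticket registry."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.tickets = {}  # ST -> (user, service it was issued for, expiry)

    def login(self, user, service):
        """Login steps 3-5: after authentication, mint an ST and build the redirect."""
        st = "st-" + secrets.token_urlsafe(24)
        self.tickets[st] = (user, service, self.clock() + ST_LIFETIME)
        return f"{service}?{urlencode({'ticket': st})}"  # normal query string

    def validate(self, ticket, service):
        """Login steps 6-7: return the user, or None if the ST is not acceptable."""
        entry = self.tickets.pop(ticket, None)  # pop: every attempt consumes the ST
        if entry is None:
            return None  # unknown ticket, or already used once
        user, issued_for, expiry = entry
        if issued_for != service or self.clock() > expiry:
            return None  # ST issued for another service, or timed out
        return user

def ticket_from_redirect(url):
    """Application-server side: pull the ST out of the redirected URL."""
    return parse_qs(urlparse(url).query)["ticket"][0]

def demo():
    now = [0.0]  # constructed clock so the timeout case runs instantly
    cas = ToyCasServer(clock=lambda: now[0])
    app_a, app_b = "https://afqdn/a.html", "https://bfqdn/b.html"  # app_b is hypothetical
    results = {}
    st = ticket_from_redirect(cas.login("alice", app_a))
    results["first_use"] = cas.validate(st, app_a)
    results["replay"] = cas.validate(st, app_a)
    st = ticket_from_redirect(cas.login("alice", app_a))
    results["wrong_service"] = cas.validate(st, app_b)
    st = ticket_from_redirect(cas.login("alice", app_a))
    now[0] += ST_LIFETIME + 1
    results["expired"] = cas.validate(st, app_a)
    return results

if __name__ == "__main__":
    print(demo())
```
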

Verify Ticket Verify Ticket CAS client CAS client (Original CAS) Ticket Validation ID CAS client (CAS 2 ) Ticket Validation Application CAS client

CAS (3: Access to another Application) Ticket Granting Ticket Service Ticket Service Ticket Timeout Service Class Ticket Granting Cookie Service Ticket

CAS (3: Access to another Application (0))
no ST, ST is expired, or ST belongs to a different ACCESS CLASS

CAS (3: Access to another Application (1))
1. Access to https://afqdn/a.html

CAS (3: Access to another Application (2))
4. Redirect to https://cas/login&service=https://afqdn/a.html

CAS (3: Access to another Application (3))
5. Redirect to https://afqdn/a.html&ticket=st-xxx
[Diagram labels: ST, Service Authorization, Authorization results]

CAS (3: Access to another Application (4))
6. Verify Service Ticket
[Diagram labels: Authorization, ST]

CAS (3: Access to another Application (5))
7. Receive verify result from CAS server
[Diagram labels: Authorization, Authorization Result]

CAS (3: Access to another Application (6))
8. Receive Data from Application Server

CAS Single Sign On CAS client module 4000 / Sun Fire V480 (1.0GHz UltraSPARC III Cu x 2) 4.0GB Memory Solaris 8

Federated CAS CAS Version 3