"CAS を利用した Single Sign On 環境の構築"


CAS 2 Single Sign On
May 31, 2007 ITRC p. 1/29

Plan of Talk
Brief survey of Single Sign On using CAS
Brief survey of Authorization Environment using CAS 2
Summary

Example IP

> UserID Password DB Single Sign On DB

Brief survey of SSO using CAS
CAS (Central Authentication Service): Web Application Single Sign On (SSO)
Yale University, JA-SIG, Open Source
Cookie, HTTP redirection, JavaScript, SSL (https)
DB, DB DB Web Application CAS

Brief... using CAS > Usual Authentication
(diagram: Web Browser, Web Application, DB, USER DB)

Brief... using CAS > AuthN mechanism of CAS
(diagram: Web Browser; Web Application with CAS client library and DB; CAS Server; USER DB; AuthN Data; Sending Ticket Data / Its Reply)

Brief... using CAS >
(diagram: Web Browser; Web Application; CAS Server; USER DB; AuthN Data; Sending Ticket Data / Its Reply; App. SSL... CAS App.)

Brief... using CAS > AuthN mechanism of CAS
Ticket Granting Cookie (TGC): Cookie, Browser TGC
Service Ticket (ST): URL Parameter, App. One Time Ticket, App. CAS Server ST =

Brief... using CAS > CAS ST, App. (current version fix) CAS Server App. User ID POST method CAS 2 Authorization

Brief survey of Authorization Environment using CAS 2
CAS 2 (Central Authentication and Authorization Service)
CAS ST App. DB CAS Server App. CAS Web Application CAS 2 module
FOR WHICH (URL of Web Application)
WHO (User)
WHEN (Access Time)
FROM WHERE (Client)

Brief... using CAS 2 > Access Control List
CAS 2 CAS-ACL
dn: cn=entry1,ou=gakumu,ou=cas,o=nagoyauniv
cas-allow: (&(uid=naito)(date>=20051010)(date<=20051110)(ip=133.6.130.0/24))
cas-service: https://app.*\.mynu\.jp/.+
cas-attributes: uid,mail
URL https://app.*\.mynu\.jp/.+
uid is naito
Access time is between 2005/10/10 and 2005/11/10
Client IP: 133.6.130.0/24
cas-attributes App.. App.

CAS 2 CAS 2 CAS 2 CAS 2, ...

> CAS Server CAS Server access log 1000, 3000 Oracle,

> ID, ..., CAS, DB LDAP...

> ID DB... CAS... CAS DB... CAS DB, DB App. CAS

> CAS-ACL, . CAS-ACL Role Management = Identity Management Role Management =

SSO PKI ( ),

> IC Card with PKI... IC Card BBS light PKI IC Card Reader, BBS SSO/AuthZ

> Example CAS 2 SSO requirement: requirement:, BBS requirement:, ....

> Example 3-tiered security hierarchy
Level 2
Level 1 Username/Password authentication
Level 0 Subscriber ID
Level = Level 2, = Level 1, BBS = Level 0

> Multiple-tiered security hierarchy
hierarchy CAS 2
(diagram: Level 2 User / Level 2 Application; Level 1 User / Level 1 Application; Level 0 User / Level 0 Application)

> CAS 2 security hierarchy
CAS-ACL security level CAS-ACL
FOR WHICH (URL of Web Application)
WHO (User)
WHEN (Access Time)
FROM WHERE (Client)
HOW (Security Level)
CAS 2 multiple-tiered AuthN sequence CAS 2

... > CAS 2... > security level in CAS-ACL
dn: cn=entry1,ou=gakumu,ou=cas,o=nagoyauniv
cas-allow: (&(uid=naito)(date>=20051010)(date<=20051110)(ip=133.6.130.0/24))
cas-security-hierarchy: X509
cas-service: https://app.*\.mynu\.jp/.+
cas-attributes: uid,mail
URL https://app.*\.mynu\.jp/.+
ACL X509 (Level 2)
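The Access Control List slides (p. 12, 13 and 25) annotate one CAS-ACL entry: the cas-allow filter answers WHO (uid is naito), WHEN (access time between 2005/10/10 and 2005/11/10) and FROM WHERE (client IP in 133.6.130.0/24), cas-service answers FOR WHICH (the application URL pattern), cas-attributes lists what is released to the application, and cas-security-hierarchy answers HOW (X509, Level 2). The following Python is an added example, not code from CAS 2 or from the authors, that evaluates such an entry against an access request. It assumes: the cas-allow value uses ordinary LDAP filter syntax (the parser also accepts `|` and `!`, which goes beyond the single `&` on the slide); cas-service must match the whole application URL; cas-security-hierarchy is the minimum level of the 3-tiered hierarchy, with "Password" and "SubscriberID" as assumed names for Level 1 and Level 0. The request values and the host-bounded variant of the entry are constructed.

```python
# Added example (not CAS 2 code): evaluate a CAS-ACL entry against an access
# request. Semantics assumed from the slide annotations: cas-allow is an
# LDAP-style filter over uid, date (YYYYMMDD) and ip (CIDR); cas-service is a
# regex the whole application URL must match; cas-security-hierarchy is the
# minimum level of the 3-tiered hierarchy (X509 = Level 2; the names
# "Password" and "SubscriberID" for Level 1 and Level 0 are assumed).
import ipaddress
import re
from datetime import date

SECURITY_LEVELS = {"SubscriberID": 0, "Password": 1, "X509": 2}

# The entry from the slides, with the cas-allow filter joined onto one line.
ACL_ENTRY = r"""
dn: cn=entry1,ou=gakumu,ou=cas,o=nagoyauniv
cas-allow: (&(uid=naito)(date>=20051010)(date<=20051110)(ip=133.6.130.0/24))
cas-security-hierarchy: X509
cas-service: https://app.*\.mynu\.jp/.+
cas-attributes: uid,mail
"""
# Constructed hardening variant (not from the slides): '.*' in the slide's
# pattern also spans '/', so the host part is bounded with [^/]* here.
ACL_ENTRY_HOST_BOUNDED = ACL_ENTRY.replace(r"https://app.*\.", r"https://app[^/]*\.")


def make_request(uid, iso_date, client_ip, service_url, auth_method):
    """Request context: who, when (ISO 'YYYY-MM-DD'), from where, for which URL, how."""
    ymd = int(date.fromisoformat(iso_date).strftime("%Y%m%d"))
    return {"uid": uid, "date": ymd, "ip": client_ip, "service": service_url, "auth": auth_method}


def parse_entry(ldif: str) -> dict:
    """Turn the LDIF-style text into a dict (single-valued attributes only)."""
    entry = {}
    for line in ldif.splitlines():
        if line.strip():
            key, _, value = line.partition(":")
            entry[key.strip()] = value.strip()
    return entry


def parse_filter(text: str):
    """Recursive-descent parser for LDAP-style filters: (&...), (|...), (!...)
    and items attr{=,>=,<=}value. Whitespace (slide line breaks) is ignored."""
    text = "".join(text.split())
    pos = 0

    def node():
        nonlocal pos
        if text[pos:pos + 1] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        if text[pos:pos + 1] in ("&", "|", "!"):
            op, pos = text[pos], pos + 1
            children = []
            while text[pos:pos + 1] == "(":
                children.append(node())
            if text[pos:pos + 1] != ")":
                raise ValueError(f"expected ')' at offset {pos}")
            pos += 1
            return (op, children)
        end = text.index(")", pos)
        m = re.fullmatch(r"([A-Za-z][\w-]*)(>=|<=|=)(.+)", text[pos:end])
        if not m:
            raise ValueError(f"bad filter item {text[pos:end]!r}")
        pos = end + 1
        return ("item", m.group(1), m.group(2), m.group(3))

    tree = node()
    if pos != len(text):
        raise ValueError("trailing data after filter")
    return tree


def eval_filter(tree, req) -> bool:
    """Evaluate a parsed filter; unknown attributes or operators fail closed."""
    kind = tree[0]
    if kind in ("&", "|"):
        combine = all if kind == "&" else any
        return combine(eval_filter(c, req) for c in tree[1])
    if kind == "!":
        return not eval_filter(tree[1][0], req)
    _, attr, op, value = tree
    if attr == "uid":
        return op == "=" and req["uid"] == value
    if attr == "date":  # YYYYMMDD integers compare in calendar order
        d, b = req["date"], int(value)
        return {"=": d == b, ">=": d >= b, "<=": d <= b}[op]
    if attr == "ip":
        net = ipaddress.ip_network(value, strict=False)
        return op == "=" and ipaddress.ip_address(req["ip"]) in net
    return False


def decide(ldif: str, req) -> tuple:
    """Return (allowed, attributes released to the application)."""
    entry = parse_entry(ldif)
    # FOR WHICH: the application URL must match cas-service in full
    if not re.fullmatch(entry["cas-service"], req["service"]):
        return False, []
    # HOW: the authentication level must reach cas-security-hierarchy
    # (an entry without that attribute is taken to require Level 0)
    required = SECURITY_LEVELS[entry.get("cas-security-hierarchy", "SubscriberID")]
    if SECURITY_LEVELS.get(req["auth"], -1) < required:
        return False, []
    # WHO / WHEN / FROM WHERE: the cas-allow filter
    if not eval_filter(parse_filter(entry["cas-allow"]), req):
        return False, []
    return True, entry.get("cas-attributes", "").split(",")
```

`decide()` checks FOR WHICH first, then HOW, then the cas-allow filter, and releases the cas-attributes only when all three pass; a request by naito on 2005-10-20 from 133.6.130.45 to https://app1.mynu.jp/portal with X509 authentication is allowed, the same request with password authentication (Level 1) is refused. Under the full-match assumption used here, `.*` in the slide's cas-service pattern also spans `/`, so a URL on another host whose path contains `.mynu.jp/` satisfies it; `ACL_ENTRY_HOST_BOUNDED` shows the usual tightening of the host part with `[^/]*`.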

Summary
CAS 2 SSO/AuthZ. CAS 2 SSO/AuthZ. CAS-ACL. SSO/AuthZ

CAS 2
http://www.math.nagoya-u.ac.jp/~naito/cas-square/

References
CAS, 47 (2006), 1127-1135.
Naito, Kajita, Hirano, Mase, Multiple-tiered Security Hierarchy for Web Applications Using Central Authentication and Authorization Service, Proceedings of the Middleware Workshop at the IEEE International Symposium on Applications and the Internet (SAINTW 2007), Hiroshima, Japan (2007).

Q and A