"Building a Single Sign On Environment Using CAS"


Transcription:

CAS 2 Single Sign On 1,3, 2,3, 2, 2,3 1 2 3 May 31, 2007 ITRC p. 1/29

Plan of Talk: Brief survey of Single Sign On using CAS; Brief survey of Authorization Environment using CAS 2; Summary (p. 2/29)

Example IP (p. 3/29)

> UserID Password DB Single Sign On DB (p. 4/29)

Brief survey of SSO using CAS: CAS (Central Authentication Service), Web Application Single Sign On (SSO), Yale University / JA-SIG, Open Source; uses Cookie, http redirection, JavaScript, SSL (https); DB, DB DB Web Application CAS (p. 5/29)

Brief... using CAS > Usual Authentication: Web Browser 1 Web Application Web Application DB Web Application DB Web Application 2 USER DB (p. 6/29)

Brief... using CAS > AuthN mechanism of CAS: USER DB, Web Application, Sending Ticket Data / Its Reply, AuthN, CAS Server, AuthN Data, Web Browser, Web Application, CAS client library, Web Application DB (p. 7/29)

Brief... using CAS > Web Browser USER DB AuthN 1 Web Application Sending Ticket Data / Its Reply CAS Server Web Application AuthN Data 2 Web Browser USER DB App. SSL... CAS App. (p. 8/29)

Brief... using CAS > AuthN mechanism of CAS: Ticket Granting Cookie (TGC): Cookie, Browser, TGC; Service Ticket (ST): URL Parameter, App., One Time Ticket; App., CAS Server, ST = (p. 9/29)

Brief... using CAS > CAS ST, App. (current version fix) CAS Server App. User ID POST method; CAS 2 Authorization (p. 10/29)

Brief survey of Authorization Environment using CAS 2: CAS 2 (Central Authentication and Authorization Service); CAS ST App. DB CAS Server App. CAS Web Application CAS 2 module; FOR WHICH (URL of Web Application), WHO (User), WHEN (Access Time), FROM WHERE (Client) (p. 11/29)

Brief... using CAS 2 > Access Control List: CAS 2 CAS-ACL
dn: cn=entry1,ou=gakumu,ou=cas,o=nagoyauniv
cas-allow: (&(uid=naito)(date>=20051010)(date<=20051110)(ip=133.6.130.0/24))
cas-service: https://app.*\.mynu\.jp/.+
cas-attributes: uid,mail
URL https://app.*\.mynu\.jp/.+; uid is naito; Access time is between 2005/10/10 and 2005/11/10; Client IP: 133.6.130.0/24 (p. 12/29)

Brief... using CAS 2 > Access Control List: CAS 2 CAS-ACL
dn: cn=entry1,ou=gakumu,ou=cas,o=nagoyauniv
cas-allow: (&(uid=naito)(date>=20051010)(date<=20051110)(ip=133.6.130.0/24))
cas-service: https://app.*\.mynu\.jp/.+
cas-attributes: uid,mail
cas-attributes App.. App. (p. 13/29)

CAS 2 CAS 2 CAS 2 CAS 2,... (p. 14/29)

> CAS Server: CAS Server access log 1000, 3000 Oracle, (p. 15/29)

> ID,..., CAS, DB LDAP... (p. 16/29)

> ID DB... CAS... CAS DB... CAS DB, DB App. CAS (p. 17/29)

> CAS-ACL. CAS-ACL Role Management = Identity Management Role Management = (p. 18/29)

SSO PKI ( ), (p. 19/29)

> IC Card with PKI... IC Card BBS light PKI IC Card Reader, BBS SSO/AuthZ (p. 20/29)

> Example CAS 2 SSO requirement: requirement:, BBS requirement:,.... (p. 21/29)

> Example 3-tiered security hierarchy: Level 2; Level 1 Username/Password authentication; Level 0 Subscriber ID. Level = Level 2 = Level 1 BBS = Level 0 (p. 22/29)

> Multiple-tiered security hierarchy: hierarchy CAS 2; Level 2 User, Level 2 Application; Level 1 User, Level 1 Application; Level 0 User, Level 0 Application (p. 23/29)

> CAS 2 security hierarchy: CAS-ACL security level; CAS-ACL FOR WHICH (URL of Web Application), WHO (User), WHEN (Access Time), FROM WHERE (Client), HOW (Security Level); CAS 2 multiple-tiered AuthN sequence CAS 2 (p. 24/29)

... > CAS 2... > security level in CAS-ACL
dn: cn=entry1,ou=gakumu,ou=cas,o=nagoyauniv
cas-allow: (&(uid=naito)(date>=20051010)(date<=20051110)(ip=133.6.130.0/24))
cas-security-hierarchy: X509
cas-service: https://app.*\.mynu\.jp/.+
cas-attributes: uid,mail
URL https://app.*\.mynu\.jp/.+; ACL X509 (Level 2) (p. 25/29)
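The CAS-ACL entries on p. 12/29 and p. 25/29 combine the CAS 2 module's four conditions (FOR WHICH, WHO, WHEN, FROM WHERE) with the HOW condition of the security hierarchy. The Python below is an added example, not code from the talk or from the CAS 2 module itself: it models one entry and evaluates a request against it, denying the request when any condition fails and releasing only the cas-attributes to the application. The class and function names (CasAclEntry, parse_entry, allow_filter_matches, evaluate, sample_request), the numeric mapping of X509 / username-password / subscriber ID to Levels 2/1/0, and the request values are assumptions for illustration; only the conjunctive (&...) filter form shown on the slides is supported, and the real module's evaluation details (for example how the date is compared) may differ.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Assumed mapping of the talk's 3-tiered hierarchy to numeric levels:
# X509 (IC card with PKI) = Level 2, username/password = Level 1, subscriber ID = Level 0.
SECURITY_LEVELS = {"X509": 2, "PASSWORD": 1, "SUBSCRIBER_ID": 0}


@dataclass
class CasAclEntry:
    """One CAS-ACL entry in the LDIF-like form shown on the slides (hypothetical model)."""
    dn: str
    allow: str                       # cas-allow: conjunctive LDAP-style filter
    service: str                     # cas-service: regex over the application URL (FOR WHICH)
    attributes: List[str] = field(default_factory=list)   # cas-attributes released to the App.
    security_hierarchy: Optional[str] = None              # cas-security-hierarchy (HOW)


def parse_entry(ldif: str) -> CasAclEntry:
    """Parse a single-entry LDIF text into a CasAclEntry."""
    attrs = {}
    for line in ldif.strip().splitlines():
        key, _, value = line.partition(":")
        attrs[key.strip()] = value.strip()
    return CasAclEntry(
        dn=attrs["dn"],
        allow=attrs["cas-allow"],
        service=attrs["cas-service"],
        attributes=[a for a in attrs.get("cas-attributes", "").split(",") if a],
        security_hierarchy=attrs.get("cas-security-hierarchy"),
    )


_TERM = re.compile(r"\((\w+)(>=|<=|=)([^()]+)\)")


def _yyyymmdd(d) -> int:
    """Accept a datetime.date or a 'YYYYMMDD' string, the form used in the filter."""
    return int(d if isinstance(d, str) else d.strftime("%Y%m%d"))


def allow_filter_matches(filt: str, ctx: dict) -> bool:
    """Evaluate a cas-allow filter such as
    (&(uid=naito)(date>=20051010)(date<=20051110)(ip=133.6.130.0/24))
    against a request context (WHO / WHEN / FROM WHERE).
    Only the conjunctive (&...) form shown on the slides is supported."""
    filt = filt.replace(" ", "")          # the slide wraps the filter across a line
    if not (filt.startswith("(&") and filt.endswith(")")):
        raise ValueError("only (&...) filters are supported: " + filt)
    body = filt[2:-1]
    terms = _TERM.findall(body)
    if "".join(f"({a}{op}{v})" for a, op, v in terms) != body:
        raise ValueError("malformed filter: " + filt)
    for attr, op, value in terms:
        if attr == "ip":                 # FROM WHERE: client address inside the CIDR block
            if ipaddress.ip_address(ctx["client_ip"]) not in ipaddress.ip_network(value, strict=False):
                return False
        elif attr == "date":             # WHEN: numeric YYYYMMDD comparison
            actual, wanted = _yyyymmdd(ctx["access_date"]), int(value)
            if not {"=": actual == wanted, ">=": actual >= wanted, "<=": actual <= wanted}[op]:
                return False
        elif op != "=" or ctx.get(attr) != value:   # WHO: exact attribute match
            return False
    return True


def evaluate(entry: CasAclEntry, ctx: dict):
    """Return (allowed, attributes released to the application) for one request."""
    if re.fullmatch(entry.service, ctx["service_url"]) is None:     # FOR WHICH
        return False, {}
    if not allow_filter_matches(entry.allow, ctx):                   # WHO / WHEN / FROM WHERE
        return False, {}
    if entry.security_hierarchy is not None:                         # HOW: level must be reached
        if SECURITY_LEVELS[ctx["auth_method"]] < SECURITY_LEVELS[entry.security_hierarchy]:
            return False, {}
    released = {a: ctx["user_attrs"][a] for a in entry.attributes if a in ctx["user_attrs"]}
    return True, released


# Constructed sample: the entry from p. 25/29 (required level X509 = Level 2).
SAMPLE_ENTRY = r"""
dn: cn=entry1,ou=gakumu,ou=cas,o=nagoyauniv
cas-allow: (&(uid=naito)(date>=20051010)(date<=20051110)(ip=133.6.130.0/24))
cas-security-hierarchy: X509
cas-service: https://app.*\.mynu\.jp/.+
cas-attributes: uid,mail
"""


def sample_request(**overrides) -> dict:
    """Constructed request context; override single fields to exercise each denial path."""
    ctx = {
        "uid": "naito",
        "access_date": date(2005, 10, 20),
        "client_ip": "133.6.130.77",
        "service_url": "https://app1.mynu.jp/index.html",
        "auth_method": "X509",
        "user_attrs": {"uid": "naito", "mail": "naito@example.invalid", "cn": "Naito"},
    }
    ctx.update(overrides)
    return ctx


if __name__ == "__main__":
    entry = parse_entry(SAMPLE_ENTRY)
    print(evaluate(entry, sample_request()))                        # allowed, uid and mail released
    print(evaluate(entry, sample_request(auth_method="PASSWORD")))  # denied: Level 1 < Level 2
```

Running the block shows the request allowed with X509 authentication, with only uid and mail (not cn) released to the application, and the same request denied when only a username/password was presented. Against the p. 12/29 entry, which has no cas-security-hierarchy line, that password request would pass, which is exactly the gap the HOW condition closes.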

Summary: CAS 2 SSO/AuthZ. CAS 2 SSO/AuthZ.,. CAS-ACL. SSO/AuthZ,, (p. 26/29)

CAS 2: http://www.math.nagoya-u.ac.jp/~naito/cas-square/ (p. 27/29)

References: ,,,,, CAS, 47 (2006) 1127-1135. Naito, Kajita, Hirano, Mase, Multiple-tiered Security Hierarchy for Web Applications Using Central Authentication and Authorization Service, Proceedings of Middleware Workshop on IEEE International Symposium on Applications and the Internet (SAINTW 2007), Hiroshima, JAPAN (2007). (p. 28/29)

Q and A (p. 29/29)