CAS Yale Open Source software Authentication Authorization (nu-cas) Backend Database Authentication Authorization to@math.nagoya-u.ac.jp, Powered by A

Similar documents

Plan of Talk CAS CAS 2 CAS Single Sign On CAS CAS 2 CAS Aug. 19, 2005 NII p. 2/32

"CAS を利用した Single Sign On 環境の構築"

Dec , IS p. 1/60

"CAS を利用した Single Sign On 環境の構築"

"CAS を利用した Single Sign On 環境の構築"

25 About what prevent spoofing of misusing a session information

1: 3 CAS[3] uportal[4] (Web ) 3.1 CAS CAS[3] Yale JA-SIG [5] CAS 1. 2(1) CAS Web (2)CAS ID LDAP 2. 2(3) CAS Web CAS Ticket (4)Web Ticket 3. Ticket Web

Windows Oracle -Web - Copyright Oracle Corporation Japan, All rights reserved.

FileMaker Server 9 Getting Started Guide

第2回_416.ppt

DocuWide 2051/2051MF 補足説明書

Lotus Domino XML活用の基礎!

Oracle Identity Managementの概要およびアーキテクチャ

Web Web Web Web i

Oracle Application Server 10g Release 3（10.1.3）Oracle HTTP Serverの概要

XMLアクセス機能説明書

Web Web ( (SOAP (SOAP/http (WSDL UDDI 1. 2.XML 3. (XDoS http, https SOAP XML Web/App ( App

¥Í¥Ã¥È¥ï¡¼¥¯¥×¥í¥°¥é¥ß¥ó¥°ÆÃÏÀ

FileMaker Server Getting Started Guide

FileMaker Server 9 Getting Started Guide

Epson Print Admin

Oracle Application Server 10gリリース2（）Oracle HTTP Serverの概要

JEE 上の Adobe Experience Manager forms のインストールおよびデプロイ（WebLogic 版）

2 Java 35 Java Java HTML/CSS/JavaScript Java Java JSP MySQL Java 9:00 17:30 12:00 13: 項目日数時間習得目標スキル Java 2 15 Web Java Java J

Web ( ) [1] Web Shibboleth SSO Web SSO Web Web Shibboleth SAML IdP(Identity Provider) Web Web (SP:ServiceProvider) ( ) IdP Web Web MRA(Mail Retrieval

HTTP Web Web RFC2616 HTTP/1.1 Web Apache Tomcat (Servlet ) XML Xindice Tomcat 6-2

FileMaker Server 8 Administrator’s Guide

PowerPoint プレゼンテーション

橡t15-shibuya.kashiwa.ppt

FileMaker ODBC and JDBC Guide

プレゼンテーション

Epson Print Admin

Oracle Secure Enterprise Search 10gを使用したセキュアな検索

Mac OS X Server Windows NTからの移行

橡CoreTechDS_Overview.PDF

第3回_416.ppt

Oracle Application Server 10g Release 3（10.1.3）- アジャイル・エンタープライズ（俊敏な企業）のためのデータ・アクセス

FileMaker Server Getting Started Guide

FileMaker Server Help

ii II Web Web HTML CSS PHP MySQL Web Web CSS JavaScript Web SQL Web

Web Basic Web SAS-2 Web SAS-2 i

LAN IP MAC IP MAC MAC IP IP IP IP IP IP [1][2][3] [4][5] IP IP IP IP (MARS MAC Address Reporting System) [6] IP IP MAC 2 MAC MATT MAC Address Tracing

Web SOAP Internet Web REST SOAP REST 3 REST SOAP 4

Web 認証拡張機能簡易ドキュメント

EMC® RepliStor® for Microsoft Windows バージョン 6.2 SP2インストール・ガイド

FileMaker 16 ODBC と JDBC ガイド

Web STEPS Web Web Form Cookie HTTP STEPS Web

組織変更ライブラリ

ファーストステップガイド1.2.doc

VMware View Persona Management

FileMaker Server 16 インストールおよび構成ガイド

ローカル認証の設定例を含む WLC 5760/3850 Custom WebAuth

2/ PPPoE AC(Access Concentrator) PPPoE PPPoE Ping FTP PP

2/ PPPoE... 9 AC(Access Concentrator) PPPoE PPPoE Ping FTP PPPoE

intra-mart Accel Platform — OData for SAP HANA セットアップガイド初版

BIG‑IP Access Policy Manager | F5 Datasheet

FileMaker Server Getting Started Guide

オンラインテスト

FileMaker 15 ODBC と JDBC ガイド

Microsoft Word - D JP.docx

Web Web Web Web Web, i

Oracle Application Server 10g(9

Contents Logging in 3-14 Downloading files from e-ijlp 15 Submitting files on e-ijlp Sending messages to instructors Setting up automatic

農研機構食品総合研究所研究報告 77号

22 (266) / Web PF-Web Web Web Web / Web Web PF-Web Web Web Web CGI Web Web 1 Web PF-Web Web Perl C CGI A Pipe/Filter Architecture Based Software Gener

Faronics Core User Guide

PowerPoint Presentation

Javaセミナー資料.PDF

Microsoft Word - # _Quick_Install_Guide_Final.doc

AirMac ネットワーク構成の手引き

etrust Access Control etrust Access Control UNIX(Linux, Windows) 2

Systemwalker IT Service Management Systemwalker IT Service Management V11.0L10 IT Service Management - Centric Manager Windows

WebOS aplat WebOS WebOS 3 XML Yahoo!Pipes Popfry UNIX grep awk XML GUI WebOS GUI GUI 4 CUI

Oracle Application Server 10g( )インストール手順書

C3印刷用.PDF

AirMac ネットワーク for Windows

Plone Web Plone OpenID 1.4 Gracie Gracie OpenID Python Plone GNU GPL Plone Gracie Password Authentication Module (PAM) UNIX OpenID 1. OpenID 2 OpenID

Java Platform Debugger Architecture Apache JServ Oracle JVM JPDA JVM Tomcat Oracle JVM... 7

Transcription:

Central Authentication System naito@math.nagoya-u.ac.jp to@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 1/55

CAS Yale Open Source software Authentication Authorization (nu-cas) Backend Database Authentication Authorization to@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 2/55

(AAA) Authentication User ID & Password Identification & Authentication (I&A) Authorization Access Permission Accounting Logging to@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 3/55

Web Web IP AAA (Portal, Web Shopping,...) Apache Basic,... Authentication Authorization, Session CGI Apache Basic,... Authentication & Authorization to@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 4/55

Basic Module : mod_radius, mod_ldap,... Authentication Authorization, Session trucking Authentication, Authentication Session trucking, HTTPD server, directory to@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 5/55

CAS (1: Yale CAS) Authentication LDAP, NetInfo, Active Directory Directory Service Radius, NIS, BSD Flat File Authentication Session (Session Timeout ) Cookie, JavaScript CAS client: C, Java, Perl, Ruby, PL/SQL, PHP,... mod_cas, pam_cas to@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 6/55

CAS (2: nu-cas) Authorization, Authorization Data Authorization, Remote Host,,... Application Authentication Session Session Trucking Application Cookie Application to@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 7/55

CAS JAVA 1.4 API, Servlet 2.3 API Tomcat 5.x Cookie JavaScript to@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 8/55

CAS Server (including CAS client) (over Tomcat) Directory Server (example ) Ticket Granting Cookie () Service Ticket (ST) to@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 9/55

CAS Login &ST ST ST One Time Ticket ST Authentication, ST Authorization ST Varidation Application Timeout Session Timeout Logout o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 10/55

CAS (1: Login (1)) 1 1. Access to https://afqdn/a.html o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 11/55

CAS (1: Login (2)) 1 2 2 Login Window 2. Redirect to https://cas/login&service=https://afqdn/a.html o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 12/55

CAS (1: Login (3)) Service Authorization Authentication 3 Login Window 3. Input UserID & Password with service https://afqdn/a.html o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 13/55

CAS (1: Login (4)) AA Authentication results 3 4 ST 4. Send Ticket Granting Cookie to Browser o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 14/55

CAS (1: Login (5)) ST Authorization results 5 5 5. Redirect to https://afqdn/a.html&ticket=st-xxx o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 15/55

CAS (1: Login (6)) 6 Authorization ST 5 5 6. Verify Service Ticket o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 16/55

CAS (1: Login (7)) 6 AA Authorization Result 7 7. Receive verify result form CAS server o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 17/55

CAS (1: Login (8)) 7 8 8. Receive Data from Application Server o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 18/55

CAS ( ) Login JavaScript/HTTP redirection visible Login Window o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 19/55

CAS (2: Verify Ticket) Login ST Authorization Service Class count down timer ST Timeout Login redirection Authorization ST ST Authorization CAS Message Page redirect o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 20/55

CAS (2: Verify Ticket (0)) ST o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 21/55

CAS (2: Verify Ticket (1)) ST 1 1. Access to https://afqdn/a.html&ticket=st-xxxxx o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 22/55

CAS (2: Verify Ticket (2)) Service Authorization 2 ST 1 2. Verify ticket=st-xxxxx with service=https://afqdn/a.html o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 23/55

CAS (2: Verify Ticket (3)) next ST 2 Authorization Authorization results 3 3. Get authorization results, user infomation and NEXT TICKET o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 24/55

CAS (2: Verify Ticket (4)) 3 4 next ST 4. Reply from with NEXT TICKET o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 25/55

CAS (3: Fail to Verify Ticket) Service Ticket INVALID TICKET Service Ticket Timeout Service Class Ticket Granting Cookie Service Ticket o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 26/55

CAS (3: Fail to Verify Ticket (0)) ST ST is expired or belonged to different ACCESS CLASS o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 27/55

CAS (3: Fail to Verify Ticket (1)) ST 1 1. Access to https://afqdn/a.html&ticket=st-xxxxx o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 28/55

CAS (3: Fail to Verify Ticket (2)) Service Authorization 2 ST 1 2. Verify ticket=st-xxxxx with service=https://afqdn/a.html o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 29/55

CAS (3: Fail to Verify Ticket (3)) 2 Authorization Authorization results 3 3. Get authorization result: INVALIED TICKET o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 30/55

CAS (3: Fail to Verify Ticket (4)) Service Authorization 3 4 4 4. Redirect to https://cas/login&service=https://afqdn/a.html o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 31/55

CAS (3: Fail to Verify Ticket (5)) ST Service Authorization Authorization results 5 4 4 5 ST 5. Redirect to https://afqdn/a.html&ticket=st-xxx o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 32/55

CAS (3: Fail to Verify Ticket (6)) 6 Authorization ST 5 5 6. Verify Service Ticket o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 33/55

CAS (3: Fail to Verify Ticket (7)) next ST 6 Authorization Authorization Result 7 7. Receive verify result form CAS server o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 34/55

CAS (3: Fail to Verify Ticket (8)) 7 8 next ST 8. Receive Data from Application Server o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 35/55

CAS (4: Fail to Authorization) Service Ticket ACCESS DENIED ST Service (URL) ST CAS Message Page o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 36/55

CAS (4: Fail to Authorization (0)) ST If SERVICE is denied to access o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 37/55

CAS (4: Fail to Authorization (1)) ST 1 1. Access to https://afqdn/a.html&ticket=st-xxxxx If SERVICE is denied to access o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 38/55

CAS (4: Fail to Authorization (2)) Service Authorization 2 ST 1 2. Verify ticket=st-xxxxx with service=https://afqdn/a.html o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 39/55

CAS (4: Fail to Authorization (3)) 2 Authorization Authorization results 3 3. Get authorization result: INVALIED TICKET o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 40/55

CAS (4: Fail to Authorization (4)) Service Authorization Authentication 3 4 4 4. Redirect to https://cas/login&service=https://afqdn/a.html o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 41/55

CAS (4: Fail to Authorization (5)) Service Authorization Authorization results 4 4 5 5. ACCESS DENIED o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 42/55

CAS (5: If is expired) Ticket Granting Cookie () expired Login redirect o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 43/55

CAS (5: If is expired (0)) If is expired ST o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 44/55

CAS (5: If is expired (1)) ST 1 1. Access to https://afqdn/a.html&ticket=st-xxxxx o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 45/55

CAS (5: If is expired (2)) Service Authorization 2 ST 1 2. Verify ticket=st-xxxxx with service=https://afqdn/a.html o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 46/55

CAS (5: If is expired (3)) 2 Authorization Authorization results 3 3. Get authorization result: INVALIED TICKET since pararent is expired o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 47/55

CAS (5: If is expired (4)) 3 4 4 4. Redirect to https://cas/login&service=https://afqdn/a.html o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 48/55

CAS (5: If is expired (5)) 4 4 Login Window 5. Redirect to https://afqdn/a.html&ticket=st-xxx o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 49/55

CAS (6: Logout) Logout Logout o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 50/55

CAS (6: Logout (1)) 1 1. Access to https://afqdn/logout.html o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 51/55

CAS (6: Logout (2)) 1 2 2 2. Redirect to https://cas/logout o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 52/55

CAS (6: Logout (3)) 2 2 3 3. Delete and Logout Message o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 53/55

Authentication Yale Authorization GET method, POST method XSS, ST Yale-CAS: JAVA 2000, nu-cas: JAVA 5000 4000 / Sun Fire V480 (1.0GHz UltraSPAC III Cu x 2) 4.0GB Memory Solaris 8 o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 54/55

WebDAV (PUT method ) Open Source Software o@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 55/55