
SAML PAM SSO Web 1,a) 1 1 1 Shibboleth SAML Web IMAPS Web SAML PAM IMAPS SSO Web Shibboleth Web SSO, Shibboleth, SAML, Web, Web

Web-based mail system with SSO authentication through SAML supporting PAM

Makoto Otani 1,a), Hirofumi Eto 1, Yoshitsugu Matsubara 1, Shin-ichi Tadaki 1
1 Computer and Network Center, Saga University
a) otani@cc.saga-u.ac.jp

Abstract: We, in Saga University, have been constructing a unified foundation of Web-based systems using SAML-based authentication mechanisms with Shibboleth. Web-based interfaces for e-mail access, however, have never been unified into the foundation, because the e-mail system has used the IMAPS protocol. To overcome this problem and improve the usability of e-mail services, we introduced a PAM module compatible with SAML for IMAPS authentication, and we developed a Web-based interface for the e-mail system, which users can use under Shibboleth authentication. We report the method for SAML-based authentication and its implementation.

Keywords: Single Sign-On Authentication, Shibboleth, SAML, Web Service, Mail

1.
Web Web. Web (SSO) Shibboleth SAML Web SSO (Opengate) e Web Shibboleth SSO. Opengate

© 2013 Information Processing Society of Japan

Web ( ) [1] Web Shibboleth SSO Web SSO Web Web Shibboleth SAML IdP (Identity Provider) Web Web SP (Service Provider) ( ) IdP Web Web MRA (Mail Retrieval Agent) IMAPS IMAPS Web SSO MRA PAM (Pluggable Authentication Module) SAML IMAPS SSO Web SSO Web

2.
Web SMTP-AUTH, POP3S, IMAPS 2000 Web [2], [3], [4] Web Java Servlet 2000 Web Web PHP Web Web MRA IMAPS

Fig. 1 Authentication flow. [Figure: browser; Web mail system (SP); authentication server (IdP); mail server / IMAPS server; SAML-compatible PAM module; LDAP. Labels: start of use; authentication request; user ID, password; authentication succeeded; mail request; mail display; assertion (encrypted); attributes etc. (user ID); decryption, zlib compression; IMAP authentication (user ID); authentication response; authentication succeeded; LDAP password; mail data; PAM authentication; response; validity verification (SP, IdP, signature, expiry, connecting server IP); user ID, data provision]

Dovecot [5] IMAPS PAM LDAP Web IMAPS IMAPS PHP IMAP IMAPS ID Web SAML SSO IdP IMAPS IMAP SAML PAM IMAPS Web SAML SSO

3.
SAML PAM IMAPS IMAPS PAM LDAP PAM SAML Web SSO SAML PAM crudesaml [6] crudesaml SAML (SAML ) PAM cyrus SASL [7] PAM crudesaml IdP SP (Web ) SAMLResponse SAML 1 SAML PAM crudesaml PAM crudesaml SAML

IdP (idp) SP (Web ) entityID (trusted_sp) ID (userid) IP (only_from) SAML IdP SP SAML ID IMAPS ID SAML ( 4 ) IMAPS ID ID SAML ID

4.
Web SAML SAML SSO Web (SP) IMAPS ID SAML ID IdP PAM SAML SSO IdP, SP Shibboleth Shibboleth IdP SP SAML Apache Web SAML PAM Shibboleth Apache mod_mellon [8] mod_mellon Shibboleth PAM (MELLON_SAML_RESPONSE) ID (REMOTE_USER) IMAPS SAML SP SP Web IMAPS PAM SAML Web SP IdP SAML mod_mellon REMOTE_USER (IMAPS ID) ( ) SP SP IdP IdP BASE64 SAML BASE64 SAML IMAPS SAMLResponse BASE64 IMAPS BASE64 zlib SAML PAM crudesaml zlib

5. SSO Web
5.1 SAML SSO Web
( 1 ) Web
( 2 ) IdP
( 3 ) IdP ( 2) ID ( )
( 4 ) IdP SP Web ( ID ) Web
( 5 ) SP
( 6 ) Web ID IMAPS ID
( 7 ) IMAPS ID () PAM SAML SAML

Table 1 IdP environment.
  Web server : Apache 2.2.14
  SAML       : Shibboleth IdP 2.3.8
  Servlet    : apache-tomcat 6.0.36

Table 2 SP environment.
  Web server : Apache 2.2.5
  SAML       : mod_mellon 0.6.1, xmlseclibs 1.3.0
  ()         : PHP 5.3.3, c-client 2007f (PHP IMAP)

Table 3 Mail server environment.
  IMAPS / IMAP : Dovecot 2.1.5
  SAML         : crudesaml 1.4

Fig. 2 IdP authentication page. [Figure]

Fig. 3 Web mail system. [Figure]

Fig. 4 System architecture. [Figure: authentication server (IdP: Shibboleth); Web SSO; Web mail system (SP: mod_mellon); IMAPS; LDAP; SSO; SAML-compatible PAM authentication; mail server (IMAPS, SMTP); dedicated mail client; mail client PC; Web browser (mail reading and composing). Labels: SSO authentication; user ID (attribute information); password; mail; user ID, password; assertion (encrypted), expiry; attribute information etc.; assertion decryption, zlib compression]

( 8 )
( 9 ) Web ( 3) 4 Web ID IdP ()

5.2
1, 2, 3 SSO Web IdP SSO Web Web SP SP Web SAML Shibboleth mod_mellon xmlseclibs Web SAML PAM SAML Web Shibboleth SSO Web
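The mechanism described in Sections 3 to 5 and in Fig. 1 (the SP packs the SAML response, base64-encoded and zlib-compressed, into the IMAP password field, and a SAML-aware PAM module validates it instead of checking an LDAP password) can be illustrated end to end in a few dozen lines. The following is an added example written for this page, not code from the paper, from crudesaml or from mod_mellon. Every value in it is constructed: the IdP and SP entity IDs, the user name, the password-length cap, the trusted source address, and the signing key. The XML signature that a real Shibboleth IdP attaches and that crudesaml verifies is replaced by an HMAC stand-in so that the example runs offline; the other checks (trusted issuer, audience, NotBefore/NotOnOrAfter window, asserted user ID equal to the IMAP login name, connection only from the SP's address) are the ones the page's figure labels and PAM options (idp, trusted_sp, userid, only_from) name.

```python
"""Added example: carrying a SAML assertion through an IMAP login as the
'password' and validating it on the PAM side. All identifiers and limits
below are constructed for the example; the HMAC is a stand-in for XML-DSig."""
import base64
import hashlib
import hmac
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
IDP_ENTITY_ID = "https://idp.example.ac.jp/idp/shibboleth"      # constructed (crudesaml 'idp')
SP_ENTITY_ID = "https://webmail.example.ac.jp/mellon/metadata"  # constructed ('trusted_sp')
ONLY_FROM = {"192.0.2.10"}             # constructed address of the Web mail SP ('only_from')
SIGNING_KEY = b"constructed-demo-key"  # stand-in for the IdP signing certificate
PASSWORD_LIMIT = 1024                  # constructed cap on the IMAP password field
DEMO_NOW = datetime(2013, 6, 30, 8, 0, tzinfo=timezone.utc)   # inside the window below
DEMO_LATE = datetime(2013, 6, 30, 11, 0, tzinfo=timezone.utc)  # after NotOnOrAfter


def issue_assertion(uid, not_before, not_on_or_after):
    """IdP side (constructed): a minimal SAML 2.0 assertion and its HMAC 'signature'."""
    xml = (
        f'<saml2:Assertion xmlns:saml2="{NS["saml2"]}">'
        f'<saml2:Issuer>{IDP_ENTITY_ID}</saml2:Issuer>'
        f'<saml2:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">'
        f'<saml2:AudienceRestriction><saml2:Audience>{SP_ENTITY_ID}</saml2:Audience>'
        f'</saml2:AudienceRestriction></saml2:Conditions>'
        f'<saml2:AttributeStatement><saml2:Attribute Name="uid">'
        f'<saml2:AttributeValue>{uid}</saml2:AttributeValue>'
        f'</saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>'
    )
    sig = hmac.new(SIGNING_KEY, xml.encode(), hashlib.sha256).hexdigest()
    return xml, sig


def pack_for_imap(assertion_xml, sig):
    """SP side: zlib-compress and base64-encode the assertion so it fits the IMAP
    password field; the signature travels as a hex prefix. Refuses oversized results."""
    packed = sig + "." + base64.b64encode(zlib.compress(assertion_xml.encode())).decode()
    if len(packed) > PASSWORD_LIMIT:
        raise ValueError(f"packed assertion is {len(packed)} bytes, over {PASSWORD_LIMIT}")
    return packed


def _parse_time(value):
    # SAML timestamps are UTC with a trailing 'Z'; fromisoformat wants an offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def pam_authenticate(username, password, client_ip, now):
    """PAM side: accept the packed assertion in place of a password only if every
    check passes. Returns (ok, reason) so callers can log the failing check."""
    if client_ip not in ONLY_FROM:
        return False, "connection not from a trusted SP address"
    sig, _, payload = password.partition(".")
    try:
        assertion = zlib.decompress(base64.b64decode(payload, validate=True))
    except (ValueError, zlib.error):
        return False, "password is not a packed SAML assertion"
    expected = hmac.new(SIGNING_KEY, assertion, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False, "signature mismatch"
    try:
        root = ET.fromstring(assertion)  # parse untrusted XML with defusedxml in production
    except ET.ParseError:
        return False, "malformed assertion"
    if root.findtext("saml2:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        return False, "issuer is not the trusted IdP"
    if root.findtext(".//saml2:Audience", namespaces=NS) != SP_ENTITY_ID:
        return False, "assertion was not issued for this SP"
    cond = root.find("saml2:Conditions", NS)
    if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
        return False, "no validity window"
    if not (_parse_time(cond.get("NotBefore")) <= now < _parse_time(cond.get("NotOnOrAfter"))):
        return False, "assertion expired or not yet valid"
    uid = root.findtext(".//saml2:Attribute[@Name='uid']/saml2:AttributeValue", namespaces=NS)
    if uid != username:
        return False, "asserted user does not match IMAP login name"
    return True, "ok"


if __name__ == "__main__":
    # Window taken from the page's Section 6.2 sample; user name is constructed.
    xml, sig = issue_assertion("user01", "2013-06-30T06:23:45.413Z", "2013-06-30T10:23:45.413Z")
    pw = pack_for_imap(xml, sig)
    print(len(pw), pam_authenticate("user01", pw, "192.0.2.10", DEMO_NOW))
    print(pam_authenticate("user01", pw, "192.0.2.10", DEMO_LATE))
```

The ordering of the checks matters in practice: the source-address and signature checks come first because they are cheap and reject arbitrary input before any XML is parsed, and the user-ID comparison is the step that prevents a valid assertion for one account from opening another user's mailbox. The length check on the SP side mirrors the size problem the page discusses in Section 6.1, where the compressed response had to fit the password limits of the IMAP client library and of Dovecot.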

6.
6.1
Web SAML IdP Web SP SAML IMAPS SAML PAM SP SAML PAM IMAPS IMAPS PHP (IMAP ) zlib ( ) (Organization) zlib 3.4KB IMAPS Dovecot PHP IMAP (c-client) 1KB (1024 ) 4KB

6.2
SAML IdP (Shibboleth) PAM SAML (crudesaml) IdP PAM SAML crudesaml Shibboleth IdP (Shibboleth IdP)
<saml2:Conditions NotBefore="2013-06-30T06:23:45.413Z" NotOnOrAfter="2013-06-30T10:23:45.413Z">
SAML SAML SAML SAML SAML

6.3
Web SSO PAM Web PAM SAML Web SSO Web SSH, 6.1

7.
Web Shibboleth SAML Web SSO Web Web IMAPS IMAPS ID SSO IMAPS PAM SAML Shibboleth IdP SAML Web Web SSO

[1] ( ), https://www.gakunin.jp/
[2] IMAP4 Web WebMailer: Vol.4, pp.35-43 (2000)
[3] Web: 2002-DSM-26, pp.7-12 (2002)
[4] LDAP: No.8, ISSN 1343-2915, pp.83-88 (2004)
[5] DOVECOT Secure IMAP server, http://www.dovecot.org/
[6] crudesaml, http://ftp.espci.fr/pub/crudesaml/
[7] Project Cyrus, http://cyrusimap.web.cmu.edu/
[8] mod_mellon - a SAML 2.0 Apache module, https://code.google.com/p/modmellon/