¡ÖGoogle Apps¥Ç¥Ð¥¤¥¹Ç§¾Ú¥Ñ¥Ã¥±¡¼¥¸¡×¤Ï¡¢³ô¼°²ñ¼Ò¥»¥·¥ª¥¹¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¥µ¡¼¥Ó¥¹¡ÖSeciossLink¡×¤È³ô¼°²ñ¼ÒJCCH¡¦¥»¥­¥å¥ê¥Æ¥£¡¦¥½¥ê¥å¡¼¥·¥ç¥ó¡¦¥·¥¹¥Æ¥à¥º¤¬GMO¥°¥í¡¼¥Ð¥ë¥µ¥¤¥ó³ô¼°²ñ¼Ò¤È¶¦Æ±³«È¯¤·¤¿iPhone¡¦iPadüËöǧ¾Ú¥µ¡¼¥Ó¥¹¡Ö¥Þ¥Í¡¼¥¸¥ÉPKI Lite for Mobile powered by Gléas¡×¤ò¥Ñ¥Ã¥±¡¼¥¸¤¹¤ë¤³¤È¤Ç¡¢iPhone¡¦iPad¤Ê¤É¤«¤éGoogle Apps¤Ë¥¢¥¯¥»¥¹¤Ç¤­¤ë¥Ç¥Ð¥¤¥¹¤ò¥¯¥é¥¤¥¢¥ó¥È¾ÚÌÀ½ñ¤ÇÆÃÄꤹ¤ë¥µ¡¼¥Ó¥¹¤È¤Ê¤ê¤Þ¤¹¡£

¡ÖSeciossLink¡×¤Ï¡¢¥»¥·¥ª¥¹³ô¼°²ñ¼Ò¤ÎSaaS·¿¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¥µ¡¼¥Ó¥¹¤Ç¤¹¡£Google Apps¤äSalesforce¤Ø¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÈID´ÉÍý¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£JS3¤Ï¡ÖGoogle Apps¥Ç¥Ð¥¤¥¹Ç§¾Ú¥Ñ¥Ã¥±¡¼¥¸¡×¤ÎÈÎÇ䳫»Ï¤Ë¹ç¤ï¤»¡¢iDATEN SaaSplats¤Ë¤ª¤¤¤Æ¡ÖSeciossLink¡×¤âƱ»þ¤ËÈÎÇ䳫»Ï¤·¤Þ¤¹¡£

¡Ö¥Þ¥Í¡¼¥¸¥ÉPKI Lite for Mobile powered by Gléas¡×¤Ï¡¢GMO¥°¥í¡¼¥Ð¥ë¥µ¥¤¥ó³ô¼°²ñ¼Ò¤ÎASP·¿¥Ñ¥Ö¥ê¥Ã¥¯Ç§¾Ú¶É±¿±Ä¥µ¡¼¥Ó¥¹¤Ç¤¹¡£ËÜ¥µ¡¼¥Ó¥¹¤ËºÎÍѤµ¤ì¤Æ¤¤¤ëGléas¤Ï¡¢¥×¥é¥¤¥Ù¡¼¥Èǧ¾Ú¶ÉÀ½ÉʤȤ·¤Æ¡¢¹â¤¤½ÀÆðÀ­¡¢ÁàºîÀ­¤ª¤è¤Ó¿®ÍêÀ­¤ò¼Â¸½¤¹¤ë¤¿¤á¤Ë¡¢JS3¤¬¼«¼Ò³«È¯¤·¤¿¥¢¥×¥é¥¤¥¢¥ó¥¹À½ÉʤǤ¹¡£ºÇ¾¯10¥é¥¤¥»¥ó¥¹¤«¤é¤ÎÍøÍѤÈiPhone¹½À®¥×¥í¥Õ¥¡¥¤¥ë¤òÅŻҾÚÌÀ½ñ¤ÈƱ»þ¤ËÇÛÉۤǤ­¤ë¤³¤È¤¬¼ç¤ÊÆÃħ¤È¤Ê¤ê¤Þ¤¹¡£

iDATEN SaaSplats¤Ï¡¢¥Ó¡¼¥×¥é¥Ã¥Ä¤¬±¿±Ä¤¹¤ëSaaS¡¦PaaSήÄÌ¥µ¡¼¥Ó¥¹¤Ç¤¢¤ëSaaSplats¡Ê¥µ¡¼¥¹¥×¥é¥Ã¥Ä¡Ë¤ò³èÍѤ·¡¢DIS¤ÎÈÎÇ䏤¬SaaS¡¦PaaS¤Î¼è¤ê¼¡¤®¤ò¹Ô¤¦¤³¤È¤¬¤Ç¤­¤ë¥µ¡¼¥Ó¥¹¤Ç¤¹¡£¼ç¤ÊÆÃħ¤È¤·¤Æ¤Ï¡¢°Ê²¼¤Î3ÅÀ¤¬µó¤²¤é¤ì¤Þ¤¹¡£

£±¡Ë¡ØSaaS¡¦PaaS¤Ê¤É¤Î·î³Û¥µ¡¼¥Ó¥¹¡Ù¤ò¿³¬ÁؤÇÈÎÇä´ÉÍý¤¹¤ë¥×¥é¥Ã¥È¥Õ¥©¡¼¥à

£²¡Ë¡Ø´û¸¤ÎήÄÌÌ֡١شû¸¤ÎÈÎÇäŹ¡Ù¤Î¥Ó¥¸¥Í¥¹¤ËŬ±þ¤Ç¤­¤ë¥µ¡¼¥Ó¥¹¥â¥Ç¥ë

£³¡Ë¡Ø·î³Û¡¦½¾Î̲ݶâ¡Ù¤Î·èºÑÂå¹Ô¥µ¡¼¥Ó¥¹

iDATEN SaaSplats¤Ë¤è¤ê¡¢¤ªµÒ¤µ¤Þ¤ÏÊ£¿ô¤ÎSaaS¡¦¥¯¥é¥¦¥É¥µ¡¼¥Ó¥¹¤Î¤´·ÀÌó¤äÀÁµá¡¦·ÀÌó´ÉÍý¤Ê¤É¤ò¥ï¥ó¥¹¥È¥Ã¥×¤Ç¤ª¼ê³¤­¡¢Áë¸ý¤Î°ìËܲ½µÚ¤ÓÊ£¿ô¥µ¡¼¥Ó¥¹¤Î·ÀÌó¤ò°ì¸µ´ÉÍý¤Ê¤É¤Î¥á¥ê¥Ã¥È¤òµý¼õ¤¤¤¿¤À¤±¤Þ¤¹¡£

Secioss Identity Suite Cloud Edition¡Ê°Ê¹ßIdentity Suite Cloud¤È¤·¤Þ¤¹¡Ë¤ò¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËƳÆþ¤¹¤ë¤³¤È¤Ç¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËÂФ·¤Æ°Ê²¼¤Îµ¡Ç½¤ò´Êñ¤ËÄɲ乤뤳¤È¤Ç¤­¤Þ¤¹¡£

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó
SAML¤ÎService Provider¤È¤·¤ÆÆ°ºî¤·¡¢SAML¤Ë¤è¤ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¹Ô¤¤¤Þ¤¹¡£¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÏIdentity Suite Cloud¤ÎÂåÍýǧ¾Úµ¡Ç½¤Ë¤è¤ê´Êñ¤ËSAMLǧ¾Úµ¡Ç½¤òÁȤ߹þ¤à¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

IDƱ´ü
¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎID´ÉÍýÍÑSOAP API¤òÄ󶡤·¡¢SOAP·Ðͳ¤Ç¤ÎID´ÉÍý¤ä¥µ¥¤¥È´Ö¤Ç¤ÎIDƱ´ü¤ò¼Â¸½¤·¤Þ¤¹¡£Identity Suite Cloud¤Ï¡¢Äê´üŪ¤ËSOAP API¤Ç¹¹¿·¥Ç¡¼¥¿¤ò¼èÆÀ¤·¡¢LISM¤Ë¤è¤ê¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ç¡¼¥¿¥Ù¡¼¥¹¤ØÈ¿±Ç¤·¤Þ¤¹¡£

¥ª¡¼¥×¥ó¥½¡¼¥¹¥×¥í¥¸¥§¥¯¥È

Identity Suite Cloud¤Ë¤Ä¤¤¤Æ¤Ï¡¢¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤È¤·¤ÆGPL¥é¥¤¥»¥ó¥¹¤Ë¤è¤ê¸ø³«¤·¤Æ¤¤¤Þ¤¹¡£
¡¦¥×¥í¥¸¥§¥¯¥È¥µ¥¤¥È¡§http://sourceforge.jp/projects/secioss-auth/
¡¦¥á¡¼¥ê¥ó¥°¥ê¥¹¥È¡§http://lists.sourceforge.jp/mailman/listinfo/secioss-auth-users

1. ¥¤¥ó¥¹¥È¡¼¥ë

Identity Suite Cloud SP¤òWindows´Ä¶­¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ëÊýË¡¤Ë¤Ä¤¤¤Æ¡¢²òÀ⤷¤Þ¤¹¡£
Identity Suite Cloud SP¤Î¿ä¾©´Ä¶­¤Ï°Ê²¼¤Ë¤Ê¤ê¤Þ¤¹¡£
¡¦OS¡§ Windows Server 2003°Ê¹ß
¡¦Web¥µ¡¼¥Ð¡§  IIS 6°Ê¹ß

º£²ó¤Î¥¤¥ó¥¹¥È¡¼¥ë´Ä¶­¤È¤·¤Æ¤Ï¡¢Windows Server 2008¤òÁÛÄꤷ¤Æ¤¤¤Þ¤¹¡£
¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Îǧ¾Ú¥µ¡¼¥Ð¡¢Åý¹çID´ÉÍý¥µ¡¼¥Ð¤Ï¡¢ÊÀ¼ÒSaaS¥µ¡¼¥Ó¥¹SeciossLink¤òÁÛÄꤷ¤Æ¤¤¤Þ¤¹¡£  

1.1 ActivePerl¤Î¥¤¥ó¥¹¥È¡¼¥ë

ActivePerl¤òhttp://www.activestate.com/activeperl/downloads/¤«¤é¥À¥¦¥ó¥í¡¼¥É¤·¤Æ¡¢¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£ ¤Þ¤¿¡¢¹ç¤ï¤»¤ÆIIS¤ÇPerl¤ÎCGI¤¬»ÈÍѤǤ­¤ë¤è¤¦¤ËÀßÄꤷ¤Æ¤ª¤¤¤Æ²¼¤µ¤¤¡£

¼¡¤Ë¡¢°Ê²¼¤ÎPerl¥â¥¸¥å¡¼¥ë¤ò¥³¥Þ¥ó¥É¥×¥í¥ó¥×¥È¤«¤é¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£

Config-General¡¢Config-IniFiles¡¢Log-Dispatch¡¢Log-Dispatch-FileRotate¡¢Class-Inspector¡¢DBD-mysql
¡¡ppm install <¥Ñ¥Ã¥±¡¼¥¸Ì¾

1.2 PHP¤Î¥¤¥ó¥¹¥È¡¼¥ë

http://www.php.net/downloads.php¤«¤éPHP¤ÎWindows binary zip¥Õ¥¡¥¤¥ë¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤Æ¡¢¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£

PHP¤ÎExtension¤È¤·¤Æ¡¢°Ê²¼¤Î¥â¥¸¥å¡¼¥ë¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£
¡¦ php_openssl.dll

1.3 Secioss Identity Suite Cloud Edition SP

secioss-idsuite-cloud-sp-win-3.x.x.zip¤òŸ³«¤·¤Æ¡¢opt¥Õ¥©¥ë¥À¤òC:\opt¤È¤·¤ÆÇÛÃÖ¤·¤Þ¤¹¡£

¼¡¤ËC:\opt¤Î[¥×¥í¥Ñ¥Æ¥£]->[¥»¥­¥å¥ê¥Æ¥£]¤«¤é¡¢IUSR¡ÊWindows 2003 Server¤Ç¤ÏIUSR_<¥Þ¥·¥ó̾>¡Ë¡¢Users¤ËÂФ·¤Æ¥¢¥¯¥»¥¹µö²Ä¤òÍ¿¤¨¤Þ¤¹¡£

¤µ¤é¤Ë¡¢°Ê²¼¤Î¥Õ¥©¥ë¥À¤Ë¤ÏIUSR¡¢Users¤ËÂФ·¤Æ¥Õ¥ë¥³¥ó¥È¥í¡¼¥ë¤Î¥¢¥¯¥»¥¹µö²Ä¤òÍ¿¤¨¤Þ¤¹¡£
¡¦ C:\opt\secioss\share\simplesamlphp\log
¡¦ C:\opt\secioss\var\log 

1.4 IIS¥Þ¥Í¡¼¥¸¥ã¤ÎÀßÄê

»ÈÍѤ¹¤ë¥½¥Õ¥È¥¦¥§¥¢¤Ë¤Ä¤¤¤Æ°Ê²¼¤Î¤è¤¦¤Ë²¾Áۥǥ£¥ì¥¯¥È¥ê¤òÀßÄꤷ¤Þ¤¹¡£
¡¡SAML ¥¨¥¤¥ê¥¢¥¹¡§<¥¢¥×¥ê¥±¡¼¥·¥ç¥óURL¤Î¥Ñ¥¹>/saml¡¡¥Ñ¥¹¡§C:\opt\secioss\share\simplesamlphp\www
¡¡ÂåÍýǧ¾Ú ¥¨¥¤¥ê¥¢¥¹¡§ <¥¢¥×¥ê¥±¡¼¥·¥ç¥óURL¤Î¥Ñ¥¹>/sso¡¡¥Ñ¥¹¡§ C:\opt\secioss\var\www\sso
¢¨ ¥¢¥×¥ê¥±¡¼¥·¥ç¥óURL¤Î¥Ñ¥¹¤Ï¡¢¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óÂоݤΥ¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎURL¤Î¤¦¤Á¤Î¥Ñ¥¹Éôʬ¤Ç¤¹¡£
¡¡ Î㡧 URL: https://sp.example.com/SugarCE/index.php ¥Ñ¥¹: /SugarCE

2. ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó

2.1 SAMLǧ¾Ú¤ÎÀßÄê 

"C:\opt\secioss\share\simplesamlphp\config\config.php"¤Î'baseurlpath'¤òIIS¤ÇÀßÄꤷ¤¿SAML¤Î¥¨¥¤¥ê¥¢¥¹¤Ë¡¢ 'default-saml20-idp'¤ò"<ǧ¾Ú¥µ¡¼¥Ð¤ÎURL>/<¥Æ¥Ê¥ó¥ÈID>"¡ÊÎ㡧 https://slink.secioss.com/secioss.co.jp¡Ë¤Ë¡¢SESSIONNAME¤ò¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥»¥Ã¥·¥ç¥ó¥¯¥Ã¥­¡¼Ì¾¤ËÊѹ¹¤·¤Æ²¼¤µ¤¤¡£

"C:\opt\secioss\share\simplesamlphp\metadata\saml20-idp-remote.php"¤Î'SingleSignOnService'¡¢'SingleLogoutService'¤Î¥Û¥¹¥È̾¤òǧ¾Ú¥µ¡¼¥Ð¤Î¥Û¥¹¥È̾¤Ë¤ËÊѹ¹¤·¤Æ²¼¤µ¤¤¡£

¤Þ¤¿¡¢°Ê²¼¤ÎÃͤò"<ǧ¾Ú¥µ¡¼¥Ð¤ÎURL>/<¥Æ¥Ê¥ó¥ÈID>"¤ËÊѹ¹¤·¤Æ²¼¤µ¤¤¡£

        'https://slink.secioss.com' =>  array(

¼¡¤Ë¡¢"C:\opt\secioss\share\simplesamlphp\metadata\saml20-sp-hosted.php"¤Î"https://sp.example.com/path"¤ò¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¹Ô¤¦¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎURL¡ÊURL¤Ï¥Ñ¥¹¤Þ¤Ç¤È¤·¤Æ¡¢¥Õ¥¡¥¤¥ë̾¤ÎÉôʬ¤Ï´Þ¤á¤Ê¤¤¤Ç²¼¤µ¤¤¡Ë¤ËÊѹ¹¤·¤Æ²¼¤µ¤¤¡£

¼¡¤Ë¡¢Ç§¾Ú¥µ¡¼¥Ð¤Î¸ø³«¸°"<ǧ¾Ú¥µ¡¼¥Ð¤Î¥Û¥¹¥È̾>/public/PublicKey-idp.pem"¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤Æ¡¢°Ê²¼¤Î¾ì½ê¤Ë"C:\opt\secioss\share\simplesamlphp\cert"¤ËÃÖ¤¤¤Æ²¼¤µ¤¤¡£

¼¡¤ËSAMLǧ¾ÚÍѤÎÈëÌ©¸°¤È¸ø³«¸°¤òºîÀ®¤·¤Þ¤¹¡£
°Ê²¼¤ÏLinux¾å¤ÇOpenSSL¤Ë¤è¤ëÈëÌ©¸°¤È¸ø³«¸°¤ÎºîÀ®¼ê½ç¤Ç¤¹¡£
­¡ ÈëÌ©¸°¤òºîÀ®¤·¤Þ¤¹¡£
# cd /etc/pki/tls/certs
# make test.key
ÈëÌ©¸°¤«¤é¥Ñ¥¹¥ï¡¼¥É¤òºï½ü¤·¤Þ¤¹¡£
# openssl rsa -in test.key -out test.key

­¢ ¸ø³«¸°¤òºîÀ®¤·¤Þ¤¹¡£
# make test.crt
Country Name (2 letter code) [GB]:JP¡¡←¡¡¹ñ̾
State or Province Name (full name) [Berkshire]:Tokyo¡¡←¡¡ÅÔÆ»Éܸ©Ì¾
Locality Name (eg, city) [Newbury]:Bunkyo¡¡←¡¡»Ô¶èĮ¼̾
Organization Name (eg, company) [My Company Ltd]:TEST, Inc¡¡←¡¡²ñ¼Ò̾
Organizational Unit Name (eg, section) []:¡¡←¡¡¶õENTER
Common Name (eg, your name or your server's hostname) []:sp.test.co.jp¡¡←¡¡¥Û¥¹¥È̾
Email Address []:admin@test.co.jp¡¡←¡¡´ÉÍý¼Ô¥á¡¼¥ë¥¢¥É¥ì¥¹

ÈëÌ©¸°¤Ï¡¢"C:\opt\secioss\share\simplesamlphp\cert\PrivateKey.pem"¤Ë¥³¥Ô¡¼¤·¤Æ²¼¤µ¤¤¡£

2.2 ÂåÍýǧ¾Ú¤ÎÀßÄê

¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¼«Æ°¤Ç¥í¥°¥¤¥ó¤¹¤ë¤¿¤á¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£

ÀßÄê¥Õ¥¡¥¤¥ë¤Ï¡¢"C:\opt\secioss\var\www\conf\<¥¢¥×¥ê¥±¡¼¥·¥ç¥ó̾¡ÊÁ´¤Æ¾®Ê¸»ú¡Ë>.ini"¤È¤·¤ÆºîÀ®¤·¤Æ²¼¤µ¤¤¡£
°Ê²¼¤ÏSugarCRMÍѤÎÀßÄêÎã¤Ç¤¹¡£

[url]
login = "https://sp.example.com/SugarCE/index.php?action=Login&module=Users"
back = "/SugarCE/"

[postName]
username = user_name
password = user_password

[postData]
module = Users
action = Authenticate
return_module = Users
return_action = Login
cant_login = ""
login_module = ""
login_action = ""
login_record = ""
login_theme = Sugar
login_language = ja
login_button = "  ¥í¥°¥¤¥ó  "

[postData]¤Ë¤Ï¡¢POST¤¹¤ë¥Ç¡¼¥¿¤ÎÊÑ¿ô̾¤ÈÃͤÎÁȤ߹ç¤ï¤»¤òÀßÄꤷ¤Æ²¼¤µ¤¤¡£   

2.3 Ç§¾Ú¥µ¡¼¥Ð¤ÎÀßÄê

https://<ǧ¾Ú¥µ¡¼¥Ð¤Î¥Û¥¹¥È̾>/tenantadmin/¤Ë¥¢¥¯¥»¥¹¤·¤Æ¡¢´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È¤Ç¥í¥°¥¤¥ó¤·¤Þ¤¹¡£
²èÌ̾åÉô¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¥¯¥ê¥Ã¥¯¤·¤«¤é¡¢º¸Â¦¥á¥Ë¥å¡¼¤Î”SAML ¥µ¡¼¥Ó¥¹¥×¥í¥Ð¥¤¥À”¤ò¥¯¥ê¥Ã¥¯¤·¤Æ²¼¤µ¤¤¡£
”¿·µ¬ÅÐÏ¿”¤ò¥¯¥ê¥Ã¥¯¤·¤Æ¡¢SP¤ÎÀßÄê¤òÅÐÏ¿¤·¤Þ¤¹¡£
¡¦¥µ¡¼¥Ó¥¹¡§¡¡¥µ¡¼¥Ó¥¹ID¤òÁªÂò¤·¤Æ²¼¤µ¤¤¡£
¡¦¥µ¡¼¥Ó¥¹Ì¾¡§¡¡SP¤Î¥µ¡¼¥Ó¥¹Ì¾¡ÊǤ°Õ¤ÎÃ͡ˤòÀßÄꤷ¤Æ²¼¤µ¤¤¡£
¡¦URL¡§¡¡2.1¹à¤ÇÀßÄꤷ¤¿¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎURL¤òÀßÄꤷ¤Æ²¼¤µ¤¤¡£
¡¦¥æ¡¼¥¶ID¤Î°À­¡§¡¡SP¤ËÅϤ¹¥æ¡¼¥¶ID¤Î°À­¤òÁªÂò¤·¤Æ²¼¤µ¤¤¡£
¡¦°Å¹æ²½ÍѸø³«¸°¡§¡¡2.1¹à¤ÇºîÀ®¤·¤¿¸ø³«¸°¤òÅÐÏ¿¤·¤Æ²¼¤µ¤¤¡£

3. IDƱ´ü

3.1  IDƱ´ü¤ÎÀßÄê

Identity Suite Cloud¤Ï¡¢LISM¤Ë¤è¤Ã¤ÆÄê´üŪ¤ËÅý¹çID´ÉÍý¥µ¡¼¥Ð¤«¤é¹¹¿·¥Ç¡¼¥¿¤ò¼èÆÀ¤·¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ç¡¼¥¿¥Ù¡¼¥¹¤äLDAP¤Î¥¢¥«¥¦¥ó¥È¤ò¹¹¿·¤·¤Þ¤¹¡£

ºÇ½é¤Ë¡¢"C:\opt\secioss\etc\lism-sp.conf¤Î°Ê²¼¤ÎÃͤò´Ä¶­¤Ë¹ç¤ï¤»¤ÆÊѹ¹¤·¤Æ²¼¤µ¤¤¡£
¡¦slink.secioss.com¡§ Åý¹çID´ÉÍý¥µ¡¼¥Ð¤Î¥Û¥¹¥È̾
¡¦TENANTID¡§¡¡¥Æ¥Ê¥ó¥ÈID
¡¦SERVICEID¡§¡¡2.3¹à¤Î¥µ¡¼¥Ó¥¹ID¡Ê¥Æ¥Ê¥ó¥ÈID¤Ï½ü¤¯¡Ë
¡¦ADMINID¡§¡¡Åý¹çID´ÉÍý¥µ¡¼¥Ð¤ËÀܳ¤¹¤ë´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È̾
¡¦ADMINPW¡§¡¡´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È¤Î¥Ñ¥¹¥ï¡¼¥É
¤Þ¤¿¡¢IDƱ´üÂоݤΥ¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥æ¡¼¥¶ID¤Ë»ÈÍѤ¹¤ë°À­¤Ë¹ç¤ï¤»¤Æ¡¢°Ê²¼¤ÎÊѹ¹¤ò¹Ô¤Ã¤Æ²¼¤µ¤¤¡£
¡¦¥æ¡¼¥¶ID¡§ "<!-- id ... -->"¤Î¥³¥á¥ó¥È¥¢¥¦¥È¤ò³°¤·¤Æ¤¯¤À¤µ¤¤¡£
¡¦¥æ¡¼¥¶ID@¥Æ¥Ê¥ó¥ÈID¡§ Êѹ¹¤¹¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£
¡¦¥á¡¼¥ë¥¢¥É¥ì¥¹¡§ "<!-- attribute ... -->"¤Î¥³¥á¥ó¥È¥¢¥¦¥È¤ò³°¤·¤Æ¡¢ATTRIBUTE¤òmail¤ËÊѹ¹¤·¤Æ²¼¤µ¤¤¡£
¡¦¼Ò°÷Èֹ桧 "<!-- attribute ... -->"¤Î¥³¥á¥ó¥È¥¢¥¦¥È¤ò³°¤·¤Æ¡¢ATTRIBUTE¤òemployeeNumber¤ËÊѹ¹¤·¤Æ²¼¤µ¤¤¡£
¡¦¥µ¡¼¥Ó¥¹¸ÄÊÌ¤Î¥í¥°¥¤¥óID¡§ "<!-- attribute ... -->"¤Î¥³¥á¥ó¥È¥¢¥¦¥È¤ò³°¤·¤Æ¡¢ATTRIBUTE¤òseciossLoginId;x-sys-<¥µ¡¼¥Ó¥¹ID>@<¥Æ¥Ê¥ó¥ÈID>

LISM¤ÎÀßÄê¥Õ¥¡¥¤¥ë/opt/secioss/etc/lism.conf¤Ë¡¢¹¹¿·ÂоݤΥǡ¼¥¿¥Ù¡¼¥¹¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£
LISM¤ÎÀßÄêÊýË¡¤Ë¤Ä¤¤¤Æ¤Ï¡¢LISM¤Î¥µ¥¤¥È¤ò¤´Í÷²¼¤µ¤¤¡£  

SugarCRM¤òÎã¤È¤·¤ÆLISM¤ÎÀßÄê¤òÎ㼨¤·¤Þ¤¹¡£ 

lism.conf

<config>
  <sync>
    <data name="SP">
      <object name="User">
        <syncdn>ou=People</syncdn>
        <syncfilter>(&amp;(!(seciossAccountStatus=deleted))(&amp;(objectClass=inetOrgPerson)(|(seciossAllowedService=sugarcrm-secioss.co.jp)(seciossAllowedService;x-perm-group=sugarcrm-secioss.co.jp))))</syncfilter>
        <syncattr>
          <name>sn</name>
        </syncattr>
        <syncattr>
          <name>givenName</name>
        </syncattr>
        <syncattr>
          <name>sn;lang-ja;phonetic</name>
        </syncattr>
        <syncattr>
          <name>givenName;lang-ja;phonetic</name>
        </syncattr>
      </object>
    </data>
  </sync>
  <data name="SP">
    <container>
      <oc>organizationalUnit</oc>
      <rdn>o=SP</rdn>
    </container>
    <handler name="Rewrite">
      <rewrite context="request" match="createtimestamp: *([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})Z" substitution="createtimestamp: %1-%2-%3 %4:%5:%6"/>
      <rewrite context="searchResult" match="createtimestamp: *([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})" substitution="createtimestamp: %1%2%3%4%5%6Z"/>
      <rewrite context="request" match="modifytimestamp: *([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})Z" substitution="modifytimestamp: %1-%2-%3 %4:%5:%6"/>
      <rewrite context="searchResult" match="modifytimestamp: *([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})" substitution="modifytimestamp: %1%2%3%4%5%6Z"/>
    </handler>
    <storage name="SQL" hash="MD5:hex">
      <libload>LISM/Utils/lism_util.pl</libload>
      <libload>LISM/Utils/lism_sugarcrm.pl</libload>
      <dsn>DBI:mysql:sugarcrm:localhost</dsn>
      <admin>admin</admin>
      <passwd>secret</passwd>
      <initquery>set names utf8</initquery>
      <noop>delete</noop>
      <object name="User">
        <container>
          <rdn>ou=People</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <table>users</table>
        <id>
          <column>id</column>
        </id>
        <oc>Person</oc>
        <oc>inetOrgPerson</oc>
        <oc>seciossIamAccount</oc>
        <rdn>uid</rdn>
        <attr name="uid">
          <column>user_name</column>
        </attr>
        <attr name="cn">
          <selexpr>ifnull(concat(last_name, ' ', first_name), last_name)</selexpr>
        </attr>
        <attr name="sn">
          <column>last_name</column>
        </attr>
        <attr name="givenname">
          <column>first_name</column>
        </attr>
        <attr name="title">
          <column>title</column>
        </attr>
        <attr name="department">
          <column>department</column>
        </attr>
        <attr name="userpassword">
          <column>user_hash</column>
        </attr>
        <attr name="homephone">
          <column>phone_home</column>
        </attr>
        <attr name="telephonenumber">
          <column>phone_work</column>
        </attr>
        <attr name="mobile">
          <column>phone_mobile</column>
        </attr>
        <attr name="facsimiletelephonenumber">
          <column>phone_fax</column>
        </attr>
        <attr name="ipphone">
          <column>phone_other</column>
        </attr>
        <attr name="street">
          <column>address_street</column>
        </attr>
        <attr name="l">
          <column>address_city</column>
        </attr>
        <attr name="st">
          <column>address_state</column>
        </attr>
        <attr name="c">
          <column>address_country</column>
        </attr>
        <attr name="postalcode">
          <column>address_postalcode</column>
        </attr>
        <attr name="createtimestamp">
          <column>date_entered</column>
        </attr>
        <attr name="modifytimestamp">
          <column>date_modified</column>
        </attr>
        <attr name="description">
          <column>description</column>
        </attr>
        <strginfo>
          <column>id</column>
          <value type="function">createGuid()</value>
        </strginfo>
        <strginfo>
          <column>status</column>
          <value type="constant">Active</value>
          <delproc>update users set status = 'Inactive' where id = '%o'</delproc>
        </strginfo>
      </object>
    </storage>
  </data>
</config>

¼¡¤Ë¡¢"C:\opt\secioss\var\www\cgi-bin\lismapi.conf"¤ÎADMINID¡¢ADMINPW¤ò¤½¤ì¤¾¤ì´ÉÍý¼Ô¤Î¥¢¥«¥¦¥ó¥È̾¡¢¥Ñ¥¹¥ï¡¼¥É¤ËÊѹ¹¤·¤Æ²¼¤µ¤¤¡£

4. Æ°ºî³Îǧ

4.1 IDƱ´ü¤Î³Îǧ

SeciossLink¤«¤éID¤Î¹¹¿·¥Ç¡¼¥¿¤ò¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËƱ´ü¤·¤Þ¤¹¡£
¡¡# perl C:\opt\secioss\sbin\idsync sp

¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËÂФ¹¤ë¥Ç¡¼¥¿¤Î¹¹¿·¤Ï¹Ô¤ï¤º¤Ë¡¢¹¹¿·¥Ç¡¼¥¿¤Î³Îǧ¤Î¤ß¤·¤¿¤¤¾ì¹ç¤Ï¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¡¢"C:\opt\secioss\var\lib\csv\user.csv"¤ÎÆâÍƤò³Îǧ¤·¤Æ²¼¤µ¤¤¡£
¡¡# perl C:\opt\secioss\sbin\idsync -n sp

¤Þ¤¿¡¢º¹Ê¬¥Ç¡¼¥¿¤Î¥Á¥§¥Ã¥¯¤Î¤ß¹Ô¤¦¾ì¹ç¤Ï¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
¡¡# perl C:\opt\secioss\sbin\idsync -r sp

Àµ¾ï¤Ë¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËÂФ·¤ÆID¤ÎƱ´ü¤¬¹Ô¤¨¤ë¤³¤È¤ò³Îǧ¤Ç¤­¤¿¤é¡¢¥¿¥¹¥¯¤Ë1»þ´Ö¤Ë1²ó "perl C:\opt\secioss\sbin\idsync sp"¤ò¼Â¹Ô¤¹¤ë¤è¤¦¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£

4.2 ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Î³Îǧ

"<¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎURL>/sso/autologin.php?sso_app=<2.2¹à¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó̾>"¤Ë¥¢¥¯¥»¥¹¤·¤Æ¡¢¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¹¤ë¤³¤È¤ò³Îǧ¤·¤Æ²¼¤µ¤¤¡£

SeciossLink ¤Ï¡¢¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÈÅý¹çID´ÉÍý¤ò¥»¥Ã¥È¤Ë¤·¤¿ SaaS ·¿¥µ¡¼¥Ó¥¹¤Ç¤¹¡£ Google Apps ¤ä Salsforce ¤Ê¤É¤Î¥¯¥é¥¦¥É¥µ¡¼¥Ó¥¹¤«¤é¥×¥é¥¤¥Ù¡¼¥È¥¯¥é¥¦¥É¡¢¼ÒÆâ¤Î¥ª¥ó¥×¥ì¥ß¥¹¥·¥¹¥Æ¥à¤Þ¤Ç¡¢Åý¹çŪ¤Ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤È ID ´ÉÍý¤ò¹Ô¤¦¤³¤È¤¬²Äǽ¤Ç¤¹¡£¤Þ¤¿¡¢Amazon Web Sservice ¤ä Nifty Cloud Service ¤Ê¤É¤Î¥¯¥é¥¦¥É´Ä¶­¤Ë¤ª¤¤¤Æ¡¢¥¤¥ó¥¹¥¿¥ó¥¹¤Î Linux ¥¢¥«¥¦¥ó¥È¤òÅý¹ç´ÉÍý¤¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£SeciossLink ¤Ï¡¢1 ¥æ¡¼¥¶¤¢¤¿¤ê´ðËÜÎÁ¶â ·î³Û 150 ±ß¤È¥·¥¹¥Æ¥àÏ¢·È¥ª¥×¥·¥ç¥óÎÁ¶â·î³Û 15 ±ß¡Ê1¥·¥¹¥Æ¥à¡Ë¤È¼ê·Ú¤ÊÎÁ¶âÀßÄê¤Ë²Ã¤¨¡¢Google Apps¡¦Salesforce ¤Ê¤É¤Î¥¯¥é¥¦¥É¥µ¡¼¥Ó¥¹¤òÈÎÇ䤹¤ë»ö¶È¼Ô¤¬¥»¥Ã¥ÈÈÎÇ䤹¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£

Gléas ¤¬¡¢SeciossLink ¤ËÂбþ¤·¤¿¤³¤È¤Ë¤è¤ê¡¢PC ¤ª¤è¤Ó iPhone / iPad ¤«¤é¡¢Google Apps ¡¦ Salesforce¤Ê¤É¤Î¥¯¥é¥¦¥É¥µ¡¼¥Ó¥¹¤Ë²Ã¤¨¡¢¥×¥é¥¤¥Ù¡¼¥È¥¯¥é¥¦¥É¡¢¼ÒÆâ¤Î¥ª¥ó¥×¥ì¥ß¥¹¥·¥¹¥Æ¥à¤Ê¤É¤Î½ÅÍפʼÒÆâ¾ðÊó»ñ»º¤Ø¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÎºÝ¤Ë¡¢ÅŻҾÚÌÀ½ñ¤Ë¤è¤ë¸·³Ê¤Êǧ¾Ú¶¯²½¤¬²Äǽ¤È¤Ê¤ê¤Þ¤·¤¿¡£ÅŻҾÚÌÀ½ñ¤òüËö¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤³¤È¤ÇüËö¤Îǧ¾Ú¤ò¡¢ÅŻҾÚÌÀ½ñ¤ò USB ¥È¡¼¥¯¥ó¤ä IC ¥«¡¼¥É¤Ê¤É¤Î¥»¥­¥å¥ê¥Æ¥£¥Ç¥Ð¥¤¥¹¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤³¤È¤Ç¿Í¤Îǧ¾Ú¤ò¼Â¸½¤Ç¤­¤Þ¤¹¤Î¤Ç¡¢´ë¶È¤Î¥»¥­¥å¥ê¥Æ¥£¥Ý¥ê¥·¡¼¤Ë¹ç¤ï¤»¤Æ½ÀÆð¤Êǧ¾Ú¥Ý¥ê¥·¡¼¤òÀ߷פ¹¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£ Gléas ¤Ï¡¢¥×¥é¥¤¥Ù¡¼¥Èǧ¾Ú¶É¤Î´ðËܵ¡Ç½¤Ë²Ã¤¨¡¢¥»¥­¥å¥ê¥Æ¥£¥Ç¥Ð¥¤¥¹¤Î´ÉÍýµ¡Ç½¤ä¥¨¥ó¥É¥æ¡¼¥¶¤¬ÅŻҾÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤³¤È¤¬¤Ç¤­¤ë Web µ¡Ç½¤òɸ½à¤ÇÅëºÜ¤·¤Æ¤¤¤Þ¤¹¤Î¤Ç¡¢SeciossLink ¤È¥»¥Ã¥È¤ÇÍøÍѤ¤¤¿¤À¤¯¤³¤È¤Ç¥»¥­¥å¥¢¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó´Ä¶­¤ò¼ê·Ú¤Ë¹½ÃÛ¡¦±¿ÍѤ¤¤¿¤À¤±¤Þ¤¹¡£¤Þ¤¿¡¢Gléas ¤È SeciossLink¤Ï¡¢º£²ó¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Ç¤ÎÏ¢·È¤Ë²Ã¤¨¡¢¾­ÍèŪ¤Ë¤ÏÅý¹çID´ÉÍý¤ÎÏ¢·È¤Ë¤Ä¤¤¤Æ¤â¼Â¸½¤¹¤ë¤³¤È¤ò·×²è¤·¤Æ¤¤¤Þ¤¹¡£

Gléas¤Ï¡¢ºòǯ¤«¤é¹ñÆâ¥È¥Ã¥×¥·¥§¥¢¤Î¥¹¥Þ¡¼¥È¥Õ¥©¥ó¤Ç¤¢¤ë iPhone / iPad ¤Ø¤ÎÂбþ¤ò³«»Ï¤¹¤ë¤È¤È¤â¤Ë¡¢ÈÎÇä¥Ñ¡¼¥È¥Ê¡¼¤È¤ÎÏ¢·È¥½¥ê¥å¡¼¥·¥ç¥ó¤Î³«È¯¤ËÀѶËŪ¤Ë¼è¤êÁȤळ¤È¤Ç¡¢¥¹¥Þ¡¼¥È¥Õ¥©¥ó¤Ë´Ø¤¹¤ë´ë¶È¥Ë¡¼¥º¤ÎÇÄ°®¤ÈÂбþ¤ËÅؤá¤Æ¤­¤Þ¤·¤¿¡£Ãæ¤Ç¤â¡¢´ë¶È¤Î´ÉÍý¼Ô¶È̳¤Î¸úΨ²½¤òÌÜŪ¤È¤·¤¿µ¡Ç½¤ª¤è¤Ó´ØÏ¢¥½¥ê¥å¡¼¥·¥ç¥ó¤Ï¡¢¤ªµÒÍͤ«¤é¤Î¥Ë¡¼¥º¤Ë´ð¤Å¤­³«È¯¡¦ÅëºÜ¤·¤¿¤³¤È¤Ç¹â¤¤É¾²Á¤ò¤¤¤¿¤À¤¤¤Æ¤¤¤Þ¤¹¡£

¥»¥·¥ª¥¹ ¤Ï¡¢À½ÉÊ¡¦ÈÎÇä¥Ñ¡¼¥È¥Ê¡¼´ë¶È¤È¤ÎÏ¢·È¤Ë¤è¤ê¡¢3 ǯ´Ö¤ÇÌó 20 ¼Ò¤Ø¤Î Gléas ¤È¤Î¥»¥Ã¥ÈÈÎÇä¤òÌܻؤ·¤Þ¤¹¡£

¢¡³ô¼°²ñ¼Ò¥»¥·¥ª¥¹¤Ë¤Ä¤¤¤Æ

³ô¼°²ñ¼Ò¥»¥·¥ª¥¹¤Ï¡¢¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤ò´ðÈפȤ·¤¿¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¡¦Åý¹çID´ÉÍý¥½¥ê¥å¡¼¥·¥ç¥ó¤Î³«È¯¡¢ÈÎÇä¤ò¹Ô¤Ã¤Æ¤¤¤ë´ë¶È¤Ç¤¹¡£SaaS·¿¥µ¡¼¥Ó¥¹¤Î¡ÖSeciossLink¡×°Ê³°¤Ë¤â¡¢¥ª¥ó¥×¥ì¥ß¥¹¥·¥¹¥Æ¥à¸þ¤±¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¥½¥ê¥å¡¼¥·¥ç¥ó¡ÖSecioss Access Manager¡×¡¢Åý¹çID´ÉÍý¥½¥ê¥å¡¼¥·¥ç¥ó¡ÖSecioss Identity Manager¡×¤ä³Ø½Ñ·Ï¤Ç¼ÂÀӤ襤¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¥½¥Õ¥È¥¦¥§¥¢Shibboleth¤ÎƳÆþ¥µ¡¼¥Ó¥¹¤òÄ󶡤·¤Æ¤¤¤Þ¤¹¡£

¢¡³ô¼°²ñ¼ÒJCCH ¡¦¥»¥­¥å¥ê¥Æ¥£¡¦¥½¥ê¥å¡¼¥·¥ç¥ó¡¦¥·¥¹¥Æ¥à¥º¤Ë¤Ä¤¤¤Æ

³ô¼°²ñ¼ÒJCCH ¡¦¥»¥­¥å¥ê¥Æ¥£¡¦¥½¥ê¥å¡¼¥·¥ç¥ó¡¦¥·¥¹¥Æ¥à¥º¤Ï¡¢ PKI ¡Ê¸ø³«¸°°Å¹æ´ðÈסˤòÍøÍѤ·¤¿À½Éʳ«È¯¡¦ÈÎÇä´ë¶È¤Ç¤¹¡£¼«¼Ò³«È¯¤Î¡Ö¥×¥é¥¤¥Ù¡¼¥È CA Gléas ¡×¤òÃæ¿´¤Ë¡¢USB ¥È¡¼¥¯¥ó¤ä¥¹¥Þ¡¼¥È¥«¡¼¥É¤Ê¤É¤Îǧ¾Ú¥Ç¥Ð¥¤¥¹¤ÈÁȤ߹ç¤ï¤»¤¿¥Ó¥¸¥Í¥¹¤òÀѶËŪ¤ËŸ³«¤·¤Æ¤¤¤Þ¤¹¡£¥×¥é¥¤¥Ù¡¼¥ÈCA Gléas ¤Ç¤Ï¡¢¤ªµÒ¤µ¤Þ¼«¤é¤¬¾ÚÌÀ½ñ¤Îȯ¹ÔÍ×µá¤ä¥À¥¦¥ó¥í¡¼¥É¤Ê¤É¤Î´ÉÍý¶È̳¤ò¼Â»Ü¤Ç¤­¤ë¥æ¡¼¥¶¿½¹þ²èÌ̤ò¿·¤¿¤ËÄɲ乤ë¤Ê¤É¡¢¥æ¡¼¥¶ÅÐÏ¿¶È̳¤ò´Êά²½¤¹¤ë¤³¤È¤Ë¤è¤ê¡¢Ãæ¾®µ¬ÌϤ«¤é 10 Ëü¥æ¡¼¥¶¤òĶ¤¨¤ëÂ絬ÌϤʤªµÒ¤µ¤Þ¤Î´Ä¶­¤Ë¤ª¤¤¤Æ¤â¡¢¤´ÍøÍѲÄǽ¤È¤Ê¤ê¤Þ¤¹¡£

¢¡ËÜ·ï¤Ë´Ø¤¹¤ëÌ䤤¹ç¤»Àè

³ô¼°²ñ¼Ò¥»¥·¥ª¥¹
E-Mail¡§sales@secioss.co.jp
TEL¡§03-6265-0448FAX¡§03-6265-0448
URL¡§http://www.secioss.co.jp/

³ô¼°²ñ¼ÒJCCH ¡¦¥»¥­¥å¥ê¥Æ¥£¡¦¥½¥ê¥å¡¼¥·¥ç¥ó¡¦¥·¥¹¥Æ¥à¥º
E-Mail¡§sales@jcch-sss.com
TEL¡§03-5615-1020FAX¡§03-5604-1563
URL¡§http://www.jcch-sss.com/ 

¢¡À½ÉʤξܺÙ

¡¦SeciossLink
http://www.secioss.co.jp/2011/05/saas_secioss_federation.html

¡¦Gléas
http://www.jcch-sss.com/service/gleas

Secioss Identity Suite Cloud Edition¡Ê°Ê¹ßIdentity Suite Cloud¤È¤·¤Þ¤¹¡Ë¤òSaaS·¿¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËƳÆþ¤¹¤ë¤³¤È¤Ç¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËÂФ·¤Æ°Ê²¼¤Îµ¡Ç½¤ò´Êñ¤ËÄɲ乤뤳¤È¤Ç¤­¤Þ¤¹¡£

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó
SAML¤ÎService Provider¤È¤·¤ÆÆ°ºî¤·¡¢SAML¤Ë¤è¤ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¹Ô¤¤¤Þ¤¹¡£SaaS¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÏIdentity Suite Cloud¤ÎÂåÍýǧ¾Úµ¡Ç½¤Ë¤è¤ê´Êñ¤ËSAMLǧ¾Úµ¡Ç½¤òÁȤ߹þ¤à¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¥¢¥«¥¦¥ó¥ÈƱ´ü
¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥¢¥«¥¦¥ó¥È´ÉÍýÍÑSOAP API¤òÄ󶡤·¡¢SOAP·Ðͳ¤Ç¤Î¥¢¥«¥¦¥ó¥È´ÉÍý¤äSaaS´Ö¤Ç¤Î¥¢¥«¥¦¥ó¥ÈƱ´ü¤ò¼Â¸½¤·¤Þ¤¹¡£Identity Suite Cloud¤Ï¡¢SOAP API¤Ç¼õ¤±ÉÕ¤±¤¿¹¹¿·Í×µá¤ò¡¢LISM¤Ë¤è¤êSaaS¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ç¡¼¥¿¥Ù¡¼¥¹¤ØÈ¿±Ç¤·¤Þ¤¹¡£

º£²ó¤ÏSaaS¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËIdentity Suite Cloud¤òSaaS¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËƳÆþ¤·¤Æ¡¢Æ°ºî¸¡¾Ú¤ò¹Ô¤¦¤¿¤á¤ÎÊýË¡¤Ë¤Ä¤¤¤Æ²òÀ⤷¤Þ¤¹¡£ 

¥ª¡¼¥×¥ó¥½¡¼¥¹¥×¥í¥¸¥§¥¯¥È

Identity Suite Cloud¤Ë¤Ä¤¤¤Æ¤Ï¡¢¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤È¤·¤ÆGPL¥é¥¤¥»¥ó¥¹¤Ë¤è¤ê¸ø³«¤·¤Æ¤¤¤Þ¤¹¡£
¡¦¥×¥í¥¸¥§¥¯¥È¥µ¥¤¥È¡§http://sourceforge.jp/projects/secioss-auth/
¡¦¥á¡¼¥ê¥ó¥°¥ê¥¹¥È¡§http://lists.sourceforge.jp/mailman/listinfo/secioss-auth-users

1. ¥¤¥ó¥¹¥È¡¼¥ë

Identity Suite Cloud SP¤Î¿ä¾©´Ä¶­¤Ï°Ê²¼¤Ë¤Ê¤ê¤Þ¤¹¡£
¡¦OS¡§ CentOS 5¡¢RedHat Enterprise Linux 5
¡¦Web¥µ¡¼¥Ð¡§ Apache 2.2

º£²ó¤Î¥¤¥ó¥¹¥È¡¼¥ë´Ä¶­¤È¤·¤Æ¤Ï¡¢Linux¤ÎCentOS 5¤òÁÛÄꤷ¤Æ¤¤¤Þ¤¹¡£

1.1  ɬÍפʥ½¥Õ¥È¥¦¥§¥¢¤Î¥¤¥ó¥¹¥È¡¼¥ë

# yum install libtool-ltdl
# yum install perl-LDAP
# yum install perl-DBI
# yum install perl-DBD-Pg
# yum install perl-XML-LibXML
# yum install perl-XML-Simple
# yum install perl-TimeDate
# yum install php-pear
# yum install php-xml
# yum install php-soap 

1.2 Identity Suite Cloud SP

http://sourceforge.jp/projects/secioss-auth/releases/¤«¤ésecioss-idsuite-cloud-sp-2.0.x.tgz¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤Æ²¼¤µ¤¤¡£

secioss-idsuite-cloud-sp¥Ñ¥Ã¥±¡¼¥¸¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Þ¤¹¡£
# tar zxvf secioss-idsuite-cloud-sp-2.0.x.tgz
# cd secioss-idsuite-cloud-sp-2.0.x
# ./install.sh install

¤Þ¤¿¡¢¥Ñ¥Ã¥±¡¼¥¸¤ò¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ë¾ì¹ç¤Ï¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
# ./install.sh update

1.3 ¥í¥°¤ÎÀßÄê

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÈIDƱ´ü¤Î¥í¥°¤Ï¡¢¤½¤ì¤¾¤ìsyslog¤Îlocal5¡¢local4¤Ë½ÐÎϤ·¤Þ¤¹¡£
/etc/syslog.conf¤Ë°Ê²¼¤ÎÀßÄê¤òÄɵ­¤·¤Æ¡¢syslog¥Ç¡¼¥â¥ó¤òºÆµ¯Æ°¤·¤Æ²¼¤µ¤¤¡£

local5.*                                         -/var/log/auth.log
local4.*                                         -/var/log/lism.log

2. ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó

2.1 SAMLǧ¾Ú¤ÎÀßÄê

SAMLǧ¾Ú¡ÊSP¡Ë¤ÎÀßÄê¤ò¹Ô¤¦¤Ë¤Ï¡¢°Ê²¼¤Î¥¹¥¯¥ê¥×¥È¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
# ./config.sh sso
¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎURL¡§ ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óÂоݤΥ¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎURL
¥»¥Ã¥·¥ç¥ó¤Î¥¯¥Ã¥­¡¼Ì¾¡§¡¡¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥»¥Ã¥·¥ç¥ó¤òÊÝ»ý¤¹¤ë¥¯¥Ã¥­¡¼Ì¾

¼¡¤ËSAMLǧ¾ÚÍѤÎÈëÌ©¸°¤È¸ø³«¸°¤òºîÀ®¤·¤Þ¤¹¡£
°Ê²¼¤ÏOpenSSL¤Ë¤è¤ëÈëÌ©¸°¤È¸ø³«¸°¤ÎºîÀ®¼ê½ç¤Ç¤¹¡£
­¡ ÈëÌ©¸°¤òºîÀ®¤·¤Þ¤¹¡£
# cd /etc/pki/tls/certs
# make test.key
ÈëÌ©¸°¤«¤é¥Ñ¥¹¥ï¡¼¥É¤òºï½ü¤·¤Þ¤¹¡£
# openssl rsa -in test.key -out test.key

­¢ ¸ø³«¸°¤òºîÀ®¤·¤Þ¤¹¡£
# make test.crt
Country Name (2 letter code) [GB]:JP¡¡←¡¡¹ñ̾
State or Province Name (full name) [Berkshire]:Tokyo¡¡←¡¡ÅÔÆ»Éܸ©Ì¾
Locality Name (eg, city) [Newbury]:Bunkyo¡¡←¡¡»Ô¶èĮ¼̾
Organization Name (eg, company) [My Company Ltd]:TEST, Inc¡¡←¡¡²ñ¼Ò̾
Organizational Unit Name (eg, section) []:¡¡←¡¡¶õENTER
Common Name (eg, your name or your server's hostname) []:sp.test.co.jp¡¡←¡¡¥Û¥¹¥È̾
Email Address []:admin@test.co.jp¡¡←¡¡´ÉÍý¼Ô¥á¡¼¥ë¥¢¥É¥ì¥¹

ÈëÌ©¸°¤Ï¡¢"/usr/share/simplesamlphp/cert/PrivateKey.pem"¤Ë¥³¥Ô¡¼¤·¤Æ¡¢½êÍ­¼Ô¤òapache¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£
# chown apache /usr/share/simplesamlphp/cert/PrivateKey.pem

¸ø³«¸°¤Ï¡¢idsuite@secioss.co.jp°¸¤Ë°Ê²¼¤ÎÆâÍƤȤȤâ¤Ë¥á¡¼¥ë¤ÇÁ÷¿®¤·¤Æ¡¢Ç§¾Ú¥µ¡¼¥Ð¤ËÂФ¹¤ëÀܳ³Îǧ¤Î¿½ÀÁ¤ò¹Ô¤¤¤Þ¤¹¡£
¡¦»á̾
¡¦²ñ¼Ò̾
¡¦¥É¥á¥¤¥ó̾¡Ê¥Æ¥Ê¥ó¥ÈID¤Ë¤Ê¤ê¤Þ¤¹¡Ë
¡¦¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎURL¡ÊÎ㡧 https://sp.example.com/app/¡Ë
¡¦¥¢¥×¥ê¥±¡¼¥·¥ç¥ó̾¡Ê±Ñ¿ô»ú¤Î¤ß¡¡Î㡧 SugarCRM¡Ë
¡¦¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¥í¥°¥¤¥ó¤¹¤ëID¤Î·Á¼°¡Ê¥æ¡¼¥¶ID¡¢¤Þ¤¿¤Ï¥á¡¼¥ë¥¢¥É¥ì¥¹¡Ë
¡¦´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È̾¡Ê±Ñ¿ô»ú¤Î¤ß¡Ë
¡¦¥Ñ¥¹¥ï¡¼¥É¡ÊǤ°Õ¡Ë
¡¦»ÈÍÑÌÜŪ

ºÇ¸å¤ËApache¤òºÆµ¯Æ°¤·¤Æ²¼¤µ¤¤¡£
# /etc/init.d/httpd restart

2.2 ÂåÍýǧ¾Ú¤ÎÀßÄê

¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¼«Æ°¤Ç¥í¥°¥¤¥ó¤¹¤ë¤¿¤á¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£

ÀßÄê¥Õ¥¡¥¤¥ë¤Ï¡¢"/var/www/conf/<¥¢¥×¥ê¥±¡¼¥·¥ç¥ó̾¡ÊÁ´¤Æ¾®Ê¸»ú¡Ë>.ini"¤È¤·¤ÆºîÀ®¤·¤Æ²¼¤µ¤¤¡£
°Ê²¼¤ÏSugarCRMÍѤÎÀßÄêÎã¤Ç¤¹¡£

[url]
login = "https://sp.example.com/SugarCE/index.php?action=Login&module=Users"
back = "/SugarCE/"

[postName]
username = user_name
password = user_password

[postData]
module = Users
action = Authenticate
return_module = Users
return_action = Login
cant_login = ""
login_module = ""
login_action = ""
login_record = ""
login_theme = Sugar
login_language = ja
login_button = "  ¥í¥°¥¤¥ó  "

[postData]¤Ë¤Ï¡¢POST¤¹¤ë¥Ç¡¼¥¿¤ÎÊÑ¿ô̾¤ÈÃͤÎÁȤ߹ç¤ï¤»¤òÀßÄꤷ¤Æ²¼¤µ¤¤¡£   

2.3 ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Î³Îǧ

"<¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎURL>/sso/autologin.php?sso_app=<2.2¹à¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó̾>"¤Ë¥¢¥¯¥»¥¹¤·¤Æ¡¢¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¹¤ë¤³¤È¤ò³Îǧ¤·¤Æ²¼¤µ¤¤¡£

3. IDƱ´ü

3.1  IDƱ´ü¤ÎÀßÄê

Identity Suite Cloud¤Ï¡¢LISM¤Ë¤è¤Ã¤ÆÄê´üŪ¤ËSeciosLink¤«¤é¹¹¿·¥Ç¡¼¥¿¤ò¼èÆÀ¤·¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ç¡¼¥¿¥Ù¡¼¥¹¤äLDAP¤Î¥¢¥«¥¦¥ó¥È¤ò¹¹¿·¤·¤Þ¤¹¡£

ºÇ½é¤Ë¡¢°Ê²¼¤Î¥¹¥¯¥ê¥×¥È¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
# ./config.sh idm
¥Æ¥Ê¥ó¥ÈID¡§¡¡SeciossLink¤Î¥Æ¥Ê¥ó¥ÈID
¥µ¡¼¥Ó¥¹ID¡§¡¡2.3¹à¤Î¥µ¡¼¥Ó¥¹ID¡Ê¥Æ¥Ê¥ó¥ÈID¤Ï½ü¤¯¡Ë
´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È̾¡§¡¡SeciossLink¤Î´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È̾
´ÉÍý¼Ô¥Ñ¥¹¥ï¡¼¥É¡§¡¡´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È¤Î¥Ñ¥¹¥ï¡¼¥É
¥æ¡¼¥¶ID¤Î°À­ [1.¥æ¡¼¥¶ID|2.¥æ¡¼¥¶ID@¥Æ¥Ê¥ó¥ÈID|3.¥á¡¼¥ë¥¢¥É¥ì¥¹|4.¼Ò°÷ÈÖ¹æ|5.¥µ¡¼¥Ó¥¹¸ÄÊÌ¤Î¥í¥°¥¤¥óID]¡§¡¡ IDƱ´üÂоݤΥ¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥æ¡¼¥¶ID¤Ë»ÈÍѤ¹¤ë°À­¤òÈÖ¹æ¤Ç»ØÄê

LISM¤ÎÀßÄê¥Õ¥¡¥¤¥ëlism.conf¤Ë¤Ï¡¢¹¹¿·ÂоݤΥǡ¼¥¿¥Ù¡¼¥¹¡¢¤Þ¤¿¤ÏLDAP¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£
LISM¤ÎÀßÄêÊýË¡¤Ë¤Ä¤¤¤Æ¤Ï¡¢LISM¤Î¥µ¥¤¥È¤ò¤´Í÷²¼¤µ¤¤¡£  

SugarCRM¤òÎã¤È¤·¤ÆLISM¤ÎÀßÄê¤òÎ㼨¤·¤Þ¤¹¡£ 

lism.conf

<config>
  <sync>
    <data name="SP">
      <object name="User">
        <syncdn>ou=People</syncdn>
        <syncfilter>(&amp;(!(seciossAccountStatus=deleted))(&amp;(seciossAllowedService=sp01)(objectClass=inetOrgPerson)))</syncfilter>
        <syncattr>
          <name>sn</name>
        </syncattr>
        <syncattr>
          <name>givenName</name>
        </syncattr>
        <syncattr>
          <name>sn;lang-ja;phonetic</name>
        </syncattr>
        <syncattr>
          <name>givenName;lang-ja;phonetic</name>
        </syncattr>
        <syncattr>
          <name>mail</name>
        </syncattr>
      </object>
    </data>
  </sync>
  <data name="SP">
    <container>
      <oc>organizationalUnit</oc>
      <rdn>o=SP</rdn>
    </container>
    <handler name="Rewrite">
      <rewrite context="request" match="createtimestamp: *([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})Z" substitution="createtimestamp: %1-%2-%3 %4:%5:%6"/>
      <rewrite context="searchResult" match="createtimestamp: *([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})" substitution="createtimestamp: %1%2%3%4%5%6Z"/>
      <rewrite context="request" match="modifytimestamp: *([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})Z" substitution="modifytimestamp: %1-%2-%3 %4:%5:%6"/>
      <rewrite context="searchResult" match="modifytimestamp: *([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})" substitution="modifytimestamp: %1%2%3%4%5%6Z"/>
    </handler>
    <storage name="SQL" hash="MD5:hex">
      <libload>LISM/Utils/lism_util.pl</libload>
      <libload>LISM/Utils/lism_sugarcrm.pl</libload>
      <dsn>DBI:mysql:sugarcrm:localhost</dsn>
      <admin>admin</admin>
      <passwd>secret</passwd>
      <initquery>set names utf8</initquery>
      <noop>delete</noop>
      <object name="User">
        <container>
          <rdn>ou=People</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <table>users</table>
        <id>
          <column>id</column>
        </id>
        <oc>Person</oc>
        <oc>inetOrgPerson</oc>
        <oc>seciossIamAccount</oc>
        <rdn>uid</rdn>
        <attr name="uid">
          <column>user_name</column>
        </attr>
        <attr name="cn">
          <selexpr>ifnull(concat(last_name, ' ', first_name), last_name)</selexpr>
        </attr>
        <attr name="sn">
          <column>last_name</column>
        </attr>
        <attr name="givenname">
          <column>first_name</column>
        </attr>
        <attr name="title">
          <column>title</column>
        </attr>
        <attr name="department">
          <column>department</column>
        </attr>
        <attr name="userpassword">
          <column>user_hash</column>
        </attr>
        <attr name="homephone">
          <column>phone_home</column>
        </attr>
        <attr name="telephonenumber">
          <column>phone_work</column>
        </attr>
        <attr name="mobile">
          <column>phone_mobile</column>
        </attr>
        <attr name="facsimiletelephonenumber">
          <column>phone_fax</column>
        </attr>
        <attr name="ipphone">
          <column>phone_other</column>
        </attr>
        <attr name="street">
          <column>address_street</column>
        </attr>
        <attr name="l">
          <column>address_city</column>
        </attr>
        <attr name="st">
          <column>address_state</column>
        </attr>
        <attr name="c">
          <column>address_country</column>
        </attr>
        <attr name="postalcode">
          <column>address_postalcode</column>
        </attr>
        <attr name="createtimestamp">
          <column>date_entered</column>
        </attr>
        <attr name="modifytimestamp">
          <column>date_modified</column>
        </attr>
        <attr name="description">
          <column>description</column>
        </attr>
        <attr name="mail">
          <selexpr>email_address</selexpr>
          <fromtbls>email_addresses,email_addr_bean_rel</fromtbls>
          <joinwhere>email_addr_bean_rel.bean_id = users.id and email_addr_bean_rel.email_address_id = email_addresses.id</joinwhere>
          <addproc>insert into email_addresses values('%{createGuid()}', '%a', upper('%a'), 0, 0, now(), now(), 0)</addproc>
          <addproc>set @paddr=if((select count(*) from email_addr_bean_rel where bean_id = '%o'), 0, 1)</addproc>
          <addproc>insert into email_addr_bean_rel values('%{createGuid()}', (select id from email_addresses where email_addr
ess = '%a'), '%o', 'Users', @paddr, if(@paddr, 0, 1), now(), now(), 0)</addproc>
          <delproc>set @mailid=(select id from email_addresses where email_address = '%a' and id in (select email_address_id from email_addr_bean_rel where bean_id = '%o'))</delproc>
          <delproc>delete from email_addresses where id = @mailid</delproc>
          <delproc>delete from email_addr_bean_rel where bean_id = '%o' and email_address_id = @mailid</delproc>
        </attr>
        <attr name="manager">
          <oname>User</oname>
          <where>id = (select reports_to_id from users where id = '%o')</where>
          <addproc>update users set reports_to_id = '%a' where id = '%o'</addproc>
          <delproc>update users set reports_to_id = null where id = '%o'</delproc>
        </attr>
        <strginfo>
          <column>id</column>
          <value type="function">createGuid()</value>
        </strginfo>
        <strginfo>
          <column>status</column>
          <value type="constant">Active</value>
          <delproc>update users set status = 'Inactive' where id = '%o'</delproc>
        </strginfo>
        <strginfo>
          <addproc>insert into user_preferences values('%{createGuid()}', 'global', 0, now(), now(), '%o', '%{encode_base64(getFileContents("/opt/secioss/etc/sugarcrm-userpref.txt"), "")}')</addproc>
        </strginfo>
      </object>
    </storage>
  </data>
</config>

ÀßÄê¤Î³Îǧ¤Ï¡¢LISM¥µ¡¼¥Ð¤Î¥Ç¡¼¥â¥ó¤òµ¯Æ°¤·¤Æ¡¢¥Ç¡¼¥¿¤Î¸¡º÷¤ä¹¹¿·¤òLISM¤ËÂФ·¤Æ¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
¥Ç¡¼¥â¥ó¤òµ¯Æ°¤¹¤ë¾ì¹ç¤Ï¡¢°ì»þŪ¤Ë"<oc>seciossIamAccount</oc>"¤Î¹Ô¤ò¥³¥á¥ó¥È¥¢¥¦¥È¤·¤Æ²¼¤µ¤¤¡£
# cp /opt/secioss/etc/openldap/slapd.conf.lism /opt/secioss/etc/openldap/slapd.conf
# /opt/secioss/sbin/slapd -h ldap://:3890 -u ldap -d256
# ldapseach -H ldap://:3890 -b 'dc=lism,dc=com'  # ¸¡º÷¤Î¾ì¹ç

3.2 IDƱ´ü¤Î³Îǧ

https://slink.secioss.com/tenantadmin/¤Ë¥¢¥¯¥»¥¹¤·¤Æ¡¢´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È¤Ç¥í¥°¥¤¥ó¤·¤Þ¤¹¡£
º¸Â¦¥á¥Ë¥å¡¼¤Î¥ê¥ó¥¯¤«¤éID´ÉÍý¤Ë¥¢¥¯¥»¥¹¤·¤Æ²¼¤µ¤¤¡£
¥æ¡¼¥¶¤Î”¿·µ¬ÅÐÏ¿”¤ò¥¯¥ê¥Ã¥¯¤·¤Æ¡¢¿·µ¬ÅÐÏ¿²èÌ̤«¤é¡¢µö²Ä¤¹¤ë¥µ¡¼¥Ó¥¹¤Ë¼«¿È¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤òÁªÂò¤·¤Æ¡¢ÅÐÏ¿¤ò¹Ô¤¤¤Þ¤¹¡£
¿·µ¬ÅÐÏ¿¤ÎÀµ¾ï½ªÎ»¸å¡¢¥æ¡¼¥¶¤Î¸¡º÷¥á¥Ë¥å¡¼¤Î”¥·¥¹¥Æ¥à”¤«¤é¼«¿È¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤òÁªÂò¤·¤Æ¡¢¸¡º÷¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£ÅÐÏ¿¤·¤¿¥æ¡¼¥¶¤¬¸¡º÷·ë²Ì¤Ëɽ¼¨¤µ¤ì¤ì¤Ð¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ØÀµ¾ï¤Ë¥æ¡¼¥¶¤¬Æ±´ü¤µ¤ì¤Æ¤¤¤Þ¤¹¡£

Àµ¾ï¤ËƱ´ü¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢¾åÉô¤Î¥á¥Ë¥å¡¼¤Î¥í¥°¤ò¥¯¥ê¥Ã¥¯¤·¤Æ¡¢ID´ÉÍý¤Î¥í¥°¤ò¸¡º÷¤·¤Æ¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤ò³Îǧ¤·¤Æ²¼¤µ¤¤¡£

Google Apps¤äSalsforceÅù¡¢Â¾¤ÎSaaS¥µ¡¼¥Ó¥¹¤«¤é¥×¥é¥¤¥Ù¡¼¥È¥¯¥é¥¦¥É¤ä¼ÒÆâ¤Î¥ª¥ó¥×¥ì¥ß¥¹¤Î¥·¥¹¥Æ¥à¤Þ¤Ç¡¢Åý¹çŪ¤Ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÈID´ÉÍý¤ò¹Ô¤¦¤³¤È¤¬²Äǽ¤Ç¤¹¡£
¤µ¤é¤Ë¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥óÏ¢·ÈÍѤΥ½¥Õ¥È¥¦¥§¥¢¡ÖSecioss Identity Suite Cloud Edition SP¡×¤òƳÆþ¤¤¤¿¤À¤¯¤³¤È¤Ç¡¢Google Gadget¤È¥×¥é¥¤¥Ù¡¼¥È¥¯¥é¥¦¥É¤ä¥ª¥ó¥×¥ì¥ß¥¹¤Î¥·¥¹¥Æ¥à¤È¤Î´Ö¤Ç¥Ç¡¼¥¿¤ÎÏ¢·È¤¬²Äǽ¤È¤Ê¤ê¡¢Google Apps¤Î¥Ý¡¼¥¿¥ë¤«¤éGadget¤Ë¤è¤ê¡¢³Æ¥·¥¹¥Æ¥à¤Î¥Ç¡¼¥¿¤ò»²¾È¡¢¹¹¿·¤¹¤ë¤³¤È¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£

¤Þ¤¿¡¢AWS¡ÊAmazon Web Services¡Ë¤äNifty CloudÅù¤Î¥¯¥é¥¦¥É´Ä¶­¤Ç¡¢Â¿¿ô¤Î¥¤¥ó¥¹¥¿¥ó¥¹¤ò´ÉÍý¤¹¤ëºÝ¤ÎLinux¥¢¥«¥¦¥ó¥È¤È¥í¥°¥¤¥óÍѤθø³«¸°¤ò°ì¸µ´ÉÍý¤¹¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£

¥µ¡¼¥Ó¥¹¤Ï¡¢£±¥æ¡¼¥¶¤«¤éÍøÍѲÄǽ¤Ç¡¢£±¥æ¡¼¥¶¤Î´ðËÜÎÁ¶â·î³Û150±ß¤«¤é¤ÈÄ㥳¥¹¥È¤Ç¤Î¤´ÍøÍѤ¬²Äǽ¤Ç¤¹¡£¥³¥¹¥ÈŪ¤Ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤äÅý¹çID´ÉÍý¤ÎƳÆþ¤¬Æñ¤·¤«¤Ã¤¿Ãæ¾®´ë¶ÈÍͤˤ⡢¤´ÍøÍѤ·¤ä¤¹¤¤²Á³Ê¤È¤Ê¤Ã¤Æ¤ª¤ê¤Þ¤¹¡£

SeciossLink¤Ï¡¢AWS¾å¤Ç±¿ÍѤ·¤Æ¤ª¤ê¡¢¾®µ¬ÌϤ«¤éÂ絬ÌϤʤªµÒÍͤޤǽÀÆð¤ËÂбþ²Äǽ¤Ç¤¹¡£

µ¡Ç½

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó

• ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó
  SAML¤Ë¤è¤ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¬²Äǽ¤Ç¤¹¡£SAML¤Ë̤Âбþ¤Î¥·¥¹¥Æ¥à¤Ë¤Ä¤¤¤Æ¤Ï¡¢Secioss Identity Suite Cloud Edition SP¤ò³Æ¥·¥¹¥Æ¥à¤ËƳÆþ¤¤¤¿¤À¤¯¤³¤È¤Ç¡¢¥·¥¹¥Æ¥à¦¤Î¥«¥¹¥¿¥Þ¥¤¥º¤ò¹Ô¤¦¤³¤È¤Ê¤¯¡¢¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£

• ÂåÍýǧ¾Ú
  ÂåÍýǧ¾Ú¤Ë¤è¤ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¬²Äǽ¤Ç¤¹¡£SAML̤Âбþ¤ÎSaaS¡¢ASPÅù¡¢Secioss Identity Suite Cloud Edition¤òƳÆþ¤¹¤ë¤³¤È¤¬º¤Æñ¤Ê¥·¥¹¥Æ¥à¤Ë¤Ä¤¤¤Æ¤â¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¬²Äǽ¤Ç¤¹¡£

• ¥¹¥Þ¡¼¥È¥Õ¥©¥ó¡¢PC¡¢·ÈÂÓÅÅÏäÎüËöǧ¾Ú
  ¥¹¥Þ¡¼¥È¥Õ¥©¥ó¡ÊAndroid¡¢iPhone¡Ë¡¢·ÈÂÓÅÅÏá¢PC¤Ë´Ø¤·¤Æµö²Ä¤µ¤ì¤¿¥æ¡¼¥¶¤ÎüËö¤Î¤ß¥í¥°¥¤¥ó¤òµö²Ä¤·¤Þ¤¹¡£Ç§¾Ú¥ë¡¼¥ëµ¡Ç½¤ÈÁȤ߹ç¤ï¤»¤ë¤³¤È¤Ç¡¢¥µ¡¼¥Ó¥¹¤òÍøÍѤǤ­¤ë¥¹¥Þ¡¼¥È¥Õ¥©¥ó¤ÎÀ©¸Â¤ä¡¢¼Ò³°¤«¤é¥Î¡¼¥ÈPC¤Ê¤É¤Ç¥µ¡¼¥Ó¥¹¤òÍøÍѤ¹¤ëºÝ¤ÎPC¤ÎÀ©¸Â¤ò¹Ô¤¦¤³¤È¤¬²Äǽ¤Ç¤¹¡£

• ǧ¾Ú¥ë¡¼¥ë
  ǧ¾Ú¤Ë¤Ï¡¢ID/¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¤Î¾¤Ë¼ÒÆâ¤ÎActive Directory¤Ë¤è¤ëǧ¾Ú¤òÁªÂò¤¹¤ë¤³¤È²Äǽ¤Ç¤¹¡£Active Directoryǧ¾Ú¤ò¹Ô¤¦¾ì¹ç¡¢¼ÒÆâ¤Ë¥ª¡¼¥×¥ó¥½¡¼¥¹¤ÎSecioss Identity Suite Cloud Edition  IdP¤òƳÆþ¤¤¤¿¤À¤­¤Þ¤¹¡£

• ¥Ñ¥¹¥ï¡¼¥É¥Ý¥ê¥·¡¼
  ¥Ñ¥¹¥ï¡¼¥É¥Ý¥ê¥·¡¼¤ÎÀßÄ꤬²Äǽ¤Ç¤¹¡£¥Ñ¥¹¥ï¡¼¥É¤Îʸ»úÎó¤äÍúÎò¿ô¡¢Í­¸ú´ü´Ö¡¢¤½¤·¤Æǧ¾Ú¼ºÇÔ»þ¤Î¥¢¥«¥¦¥ó¥È¥í¥Ã¥¯¤òÀßÄꤹ¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£ 

• ¥¢¥¯¥»¥¹À©¸æ
  ¥æ¡¼¥¶¡¢¥°¥ë¡¼¥×¡¢Ç§¾ÚÊý¼°¡¢¥¯¥é¥¤¥¢¥ó¥È¤ÎIP¥¢¥É¥ì¥¹¡¢»þ´ÖÂӤˤè¤ë¥¢¥¯¥»¥¹À©¸æ¤¬²Äǽ¤Ç¤¹¡£

• ¥í¥°¥¤¥óÍúÎò
  ¥æ¡¼¥¶¤Î¥í¥°¥¤¥ó¡¢¥í¥°¥¢¥¦¥È¡¢Google Apps¤äSalesforce¤Ø¤Î¥í¥°¥¤¥ó¤Ë´Ø¤¹¤ë¥í¥°¤òWeb¤«¤é¸¡º÷¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

Åý¹çID´ÉÍý

• IDƱ´ü
  Google Apps¤äSalesforceÅù¤ÎSaaS¥µ¡¼¥Ó¥¹¤ä¥ª¥ó¥×¥ì¥ß¥¹¤Î¥·¥¹¥Æ¥à¤ÈID¤ÎƱ´ü¤ò¹Ô¤¦¤³¤È¤¬²Äǽ¤Ç¤¹¡£¥æ¡¼¥¶Ã±°Ì¤ÇID¤ÎƱ´üÂоݤȤ¹¤ë¥·¥¹¥Æ¥à¤ò»ØÄꤹ¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£
  ¥ª¥ó¥×¥ì¥ß¥¹¤Î¥·¥¹¥Æ¥à¤Ë¤Ä¤¤¤Æ¤Ï¡¢³Æ¥·¥¹¥Æ¥à¤ËSecioss Identity Suite Cloud Edition SP¤òƳÆþ¤¤¤¿¤À¤­¤Þ¤¹¡£

• Active DirectoryÏ¢·È
  ¼ÒÆâ¤ÎActive Directory¤«¤éID¤òƱ´ü¤¹¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£
  ¤½¤Î¾ì¹ç¡¢¼ÒÆâ¤ËSecioss Identity Suite Cloud Edition IdP¤òƳÆþ¤¤¤¿¤À¤­¤Þ¤¹¡£  

• LDAPÏ¢·È¡Ê¸ø³«¸°´ÉÍý¡Ë
  AWS¡¢Nifty CloudÅù¤Î¥¯¥é¥¦¥É´Ä¶­¤ÎLinux¥¢¥«¥¦¥ó¥È¤Èssh¥í¥°¥¤¥óÍѤθø³«¸°¤òLDAP¤Ë¤è¤ê°ì¸µ´ÉÍý¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

• ¥æ¡¼¥¶¥»¥ë¥Õ¥µ¡¼¥Ó¥¹
  ¥æ¡¼¥¶¥»¥ë¥Õ¥µ¡¼¥Ó¥¹¤È¤·¤Æ¡¢¥æ¡¼¥¶¤Ë¤è¤ë¥Ñ¥¹¥ï¡¼¥ÉÊѹ¹¡¢ssh¥í¥°¥¤¥óÍѸø³«¸°¤ÎÅÐÏ¿¤¬²Äǽ¤Ç¤¹¡£

• ¹¹¿·ÍúÎò
  SeciossLink¤Î¥æ¡¼¥¶¡¢¥°¥ë¡¼¥×¤À¤±¤Ç¤Ê¤¯¡¢Google Apps¤äSalesforceÅù¤Î³Æ¥µ¡¼¥Ó¥¹¤Î¥æ¡¼¥¶¡¢¥°¥ë¡¼¥×¤ËÂФ¹¤ë¹¹¿·¤Î¥í¥°¤òWeb¤«¤é¸¡º÷¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¥¢¥×¥ê¥±¡¼¥·¥ç¥óÏ¢·È

• Google GadgetÏ¢·È
  Secioss Identity Suite Cloud Edition SP¤ò³Æ¥·¥¹¥Æ¥à¤ËƳÆþ¤¤¤¿¤À¤¯¤³¤È¤Ç¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¦¤Î¥«¥¹¥¿¥Þ¥¤¥º¤ò¹Ô¤¦¤³¤È¤Ê¤¯¡¢2-legged OAuth¤Ë¤è¤ê¡¢Google Gadget¤È¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎÏ¢·È¤¬²Äǽ¤È¤Ê¤ê¡¢Google Apps¤Î¥Ý¡¼¥¿¥ë²èÌ̤«¤é¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ç¡¼¥¿¤ò»²¾È¡¢¹¹¿·¤¹¤ë¤³¤È¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£

¥·¥¹¥Æ¥à¹½À®

¥µ¡¼¥Ó¥¹²Á³Ê

¡¦¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¡¦Åý¹çID´ÉÍý ´ðËÜÎÁ¶â¡§¡¡150±ß¡Ê£±¥æ¡¼¥¶·î³Û¡Ë

¡¦¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¡¦IDÏ¢·È 1¥·¥¹¥Æ¥à¡§ 15±ß¡Ê£±¥æ¡¼¥¶·î³Û¡Ë
¡¡¢¨ ÂåÍýǧ¾Ú¤Ë¤è¤ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Ë¤Ä¤¤¤Æ¤Ï¡¢´ðËÜÎÁ¶â¤Î¤ß¤ÇÊÌÅÓ¥·¥¹¥Æ¥àñ°Ì¤ÎÈñÍѤÏɬÍפ´¤¶¤¤¤Þ¤»¤ó¡£  

¢¨ °Ê²¼¤Îµ¡Ç½¤Ï¡¢´ðËÜÎÁ¶â¤Ë´Þ¤Þ¤ì¤Þ¤¹¡£
¡¡ ¡¦Google Apps¤È¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¡¦IDÏ¢·È
¡¡ ¡¦Active Directoryǧ¾ÚÍѤÎActive Directory¤È¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¡¦IDÏ¢·È

¢¨ üËöǧ¾Ú¤Ï¡¢¥ª¥×¥·¥ç¥óµ¡Ç½¤È¤Ê¤ê¤Þ¤¹¡£²Á³Ê¤Ë¤Ä¤¤¤Æ¤Ï¡¢¤³¤Á¤é¤«¤é¤ªÌä¹ç¤»²¼¤µ¤¤¡£

¢¨ Secioss Identity Suite Cloud Edition¤ÎƳÆþ¥µ¡¼¥Ó¥¹¤Ë¤Ä¤¤¤Æ¤Ï¡¢ÊÌÅÓÈñÍѤò¤¬É¬ÍפȤʤê¤Þ¤¹¡£

Âбþ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó

¥×¥é¥¤¥Ù¡¼¥È CA Gléas¡ÊJCCH¡¦¥»¥­¥å¥ê¥Æ¥£¡¦¥½¥ê¥å¡¼¥·¥ç¥ó¡¦¥·¥¹¥Æ¥à¥º¡Ë

Gléas ¤¬¡¢SeciossLink ¤ËÂбþ¤·¤¿¤³¤È¤Ë¤è¤ê¡¢PC ¤ª¤è¤Ó iPhone / iPad ¤«¤é¡¢Google Apps ¡¦ Salesforce¤Ê¤É¤Î¥¯¥é¥¦¥É¥µ¡¼¥Ó¥¹¤Ë²Ã¤¨¡¢¥×¥é¥¤¥Ù¡¼¥È¥¯¥é¥¦¥É¡¢¼ÒÆâ¤Î¥ª¥ó¥×¥ì¥ß¥¹¥·¥¹¥Æ¥à¤Ê¤É¤Î½ÅÍפʼÒÆâ¾ðÊó»ñ»º¤Ø¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÎºÝ¤Ë¡¢ÅŻҾÚÌÀ½ñ¤Ë¤è¤ë¸·³Ê¤Êǧ¾Ú¶¯²½¤¬²Äǽ¤È¤Ê¤ê¤Þ¤·¤¿¡£ÅŻҾÚÌÀ½ñ¤òüËö¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤³¤È¤ÇüËö¤Îǧ¾Ú¤ò¡¢ÅŻҾÚÌÀ½ñ¤ò USB ¥È¡¼¥¯¥ó¤ä IC ¥«¡¼¥É¤Ê¤É¤Î¥»¥­¥å¥ê¥Æ¥£¥Ç¥Ð¥¤¥¹¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤³¤È¤Ç¿Í¤Îǧ¾Ú¤ò¼Â¸½¤Ç¤­¤Þ¤¹¤Î¤Ç¡¢´ë¶È¤Î¥»¥­¥å¥ê¥Æ¥£¥Ý¥ê¥·¡¼¤Ë¹ç¤ï¤»¤Æ½ÀÆð¤Êǧ¾Ú¥Ý¥ê¥·¡¼¤òÀ߷פ¹¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£
¾ÜºÙ

¥Þ¥Ë¥å¥¢¥ë

SeciossLink¤Î»ÈÍÑÊýË¡¤Ë¤Ä¤¤¤Æ¤Ï¡¢¥Þ¥Ë¥å¥¢¥ë¤ò¤´Í÷²¼¤µ¤¤¡£

¡¦´ÉÍý¼Ô¥¬¥¤¥É

¡¦¥æ¡¼¥¶¥¬¥¤¥É

Ìä¹ç¤»

ËÜ¥µ¡¼¥Ó¥¹¤Ë´Ø¤¹¤ë¤ªÌä¹ç¤»¤Ï¤³¤Á¤é¤«¤é¤ª´ê¤¤¤·¤Þ¤¹¡£

¡ãƳÆþºî¶È¡ä

Åö¼Ò¤Ï¡¢SNS ¥µ¡¼¥Ó¥¹¤ä³Ø½¬´ÉÍý¥·¥¹¥Æ¥à¤Ê¤É¤ò´Þ¤á¤¿¥Ý¡¼¥¿¥ë¥·¥¹¥Æ¥àÁ´ÂΤËShibboleth ¤ÎƳÆþ¤ò¹Ô¤¤¤Þ¤·¤¿¡£Ç§¾Ú¥µ¡¼¥Ð¤Ë¤ª¤¤¤Æ¤â´û¸¥·¥¹¥Æ¥à¤«¤éShibboleth ¤Ë°Ü¹Ô¤·¤Æ¤¤¤Þ¤¹¡£
¤Þ¤¿¡¢º£²óDS ¤âƳÆþ¤·¤Æ¤ª¤ê¡¢Æȼ«¤Î¥Õ¥§¥Ç¥ì¡¼¥·¥ç¥ó¤ò¹½ÃÛ¤·¤Æ¤¤¤Þ¤¹¡£

¡ãƳÆþ¥á¥ê¥Ã¥È¡ä

Æȼ«¤Î¥Õ¥§¥Ç¥ì¡¼¥·¥ç¥ó¤ò¹½ÃÛ¤¹¤ë»ö¤Ë¤è¤ê¡¢²ÃÌÁ¤·¤Æ¤¤¤ë¶µ°éµ¡´Ø¤Ï³ØÆâ¤ËShibboleth-IdP ¤ò¹½ÃÛ¤¹¤ë»ö¤Ë¤è¤Ã¤Æ¡¢¥Ý¡¼¥¿¥ë¥·¥¹¥Æ¥à¤È¤Î¥í¥°¥¤¥óǧ¾ÚÏ¢·È¤¬¹Ô¤¨¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤·¤¿¡£

Secioss Identity Suite Cloud Edition¡Ê°Ê¹ßIdentity Suite Cloud¤È¤·¤Þ¤¹¡Ë¤ò¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËƳÆþ¤¹¤ë¤³¤È¤Ç¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËÂФ·¤Æ°Ê²¼¤Îµ¡Ç½¤ò´Êñ¤ËÄɲ乤뤳¤È¤Ç¤­¤Þ¤¹¡£

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó
SAML¤ÎService Provider¤È¤·¤ÆÆ°ºî¤·¡¢SAML¤Ë¤è¤ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¹Ô¤¤¤Þ¤¹¡£¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÏIdentity Suite Cloud¤ÎÂåÍýǧ¾Úµ¡Ç½¤Ë¤è¤ê´Êñ¤ËSAMLǧ¾Úµ¡Ç½¤òÁȤ߹þ¤à¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

IDƱ´ü
¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎID´ÉÍýÍÑSOAP API¤òÄ󶡤·¡¢SOAP·Ðͳ¤Ç¤ÎID´ÉÍý¤ä¥µ¥¤¥È´Ö¤Ç¤ÎIDƱ´ü¤ò¼Â¸½¤·¤Þ¤¹¡£Identity Suite Cloud¤Ï¡¢Äê´üŪ¤ËSOAP API¤Ç¹¹¿·¥Ç¡¼¥¿¤ò¼èÆÀ¤·¡¢LISM¤Ë¤è¤ê¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ç¡¼¥¿¥Ù¡¼¥¹¤ØÈ¿±Ç¤·¤Þ¤¹¡£

Google Gadget¤Ë¤è¤ë¥¢¥×¥ê¥±¡¼¥·¥ç¥óÏ¢·È
¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÈÏ¢·È¤·¤Æ¡¢2-legged OAuth¤Ë¤è¤êGoogle Gadget¤«¤é¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËÂФ¹¤ë¥¢¥¯¥»¥¹¤Îǧ²Ä¤ò¹Ô¤¤¤Þ¤¹¡£
Google Gadget¤Ë¤è¤ë¥¢¥×¥ê¥±¡¼¥·¥ç¥óÏ¢·È¤Ï¡¢Identity Suite Cloud V3.1¤«¤é»ÈÍѲÄǽ¤Ç¤¹¡£

¥é¥¤¥»¥ó¥¹

Identity Suite Cloud¤Ï¡¢¥Ð¡¼¥¸¥ç¥ó3.0¤Þ¤Ç¤Î¥½¥Õ¥È¥¦¥§¥¢¤ò¥ª¡¼¥×¥ó¥½¡¼¥¹¤È¤·¤ÆGPL¥é¥¤¥»¥ó¥¹¤Ë¤è¤ê¸ø³«¤·¤Æ¤¤¤Þ¤¹¡£
¡¦¥×¥í¥¸¥§¥¯¥È¥µ¥¤¥È¡§http://sourceforge.jp/projects/secioss-auth/
¡¦¥á¡¼¥ê¥ó¥°¥ê¥¹¥È¡§http://lists.sourceforge.jp/mailman/listinfo/secioss-auth-users

Identity Suite Cloud¤Î¥Ð¡¼¥¸¥ç¥ó3.1°Ê¹ß¤Ë¤Ä¤¤¤Æ¤Ï¡¢¤³¤Á¤é¤Ë¤ªÌä¹ç¤»²¼¤µ¤¤¡£

¾¦ÍÑ¥µ¡¼¥Ó¥¹

Identity Suite Cloud¤Ë´Ø¤¹¤ë¥³¥ó¥µ¥ë¥Æ¥£¥ó¥°¡¢Êݼ饵¡¼¥Ó¥¹¤Ë¤Ä¤¤¤Æ¤Ï¡¢¤³¤Á¤é¤Ø¤ªÌä¹ç¤»²¼¤µ¤¤¡£
¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Îǧ¾Ú¥µ¡¼¥Ð¡¢¥¢¥«¥¦¥ó¥ÈƱ´ü¤ÎÅý¹çID´ÉÍý¥µ¡¼¥Ð¤¬SeciossLink¡¢¤Þ¤¿¤ÏSecioss Access Manager Enterprise Edition¡¢Secioss Identity Manager¤Î¾ì¹ç¤Ï¡¢Ìµ½þ¤ÇÊݼ饵¡¼¥Ó¥¹¤òÄ󶡤¤¤¿¤·¤Þ¤¹¡£

1. ¥¤¥ó¥¹¥È¡¼¥ë

Identity Suite Cloud SP¤Î¿ä¾©´Ä¶­¤Ï°Ê²¼¤Ë¤Ê¤ê¤Þ¤¹¡£
¡¦OS¡§ CentOS 5¡¢RedHat Enterprise Linux 5
¡¦Web¥µ¡¼¥Ð¡§ Apache 2.2

º£²ó¤Î¥¤¥ó¥¹¥È¡¼¥ë´Ä¶­¤È¤·¤Æ¤Ï¡¢Linux¤ÎCentOS 5¤òÁÛÄꤷ¤Æ¤¤¤Þ¤¹¡£
¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Îǧ¾Ú¥µ¡¼¥Ð¡¢Åý¹çID´ÉÍý¥µ¡¼¥Ð¤Ï¡¢ÊÀ¼ÒSaaS¥µ¡¼¥Ó¥¹SeciossLink¤òÁÛÄꤷ¤Æ¤¤¤Þ¤¹¡£

¤Þ¤¿¡¢º£²ó¤Ï¥ª¥ó¥×¥ì¥ß¥¹¤Î¥·¥¹¥Æ¥à¤Ø¤ÎƳÆþ¤òÁÛÄꤷ¤Æ¤¤¤Þ¤¹¡£SaaS·¿¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ø¤ÎƳÆþ¤ò¸¡Æ¤¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢¤³¤Á¤é¤ò¤´Í÷²¼¤µ¤¤¡£

1.1  ɬÍפʥ½¥Õ¥È¥¦¥§¥¢¤Î¥¤¥ó¥¹¥È¡¼¥ë

# yum install libtool-ltdl
# yum install perl-LDAP
# yum install perl-DBI
# yum install perl-DBD-Pg
# yum install perl-XML-LibXML
# yum install perl-XML-Simple
# yum install perl-TimeDate
# yum install php-pear
# yum install php-xml
# yum install php-soap 

1.2 Identity Suite Cloud SP

http://sourceforge.jp/projects/secioss-auth/releases/¤«¤ésecioss-idsuite-cloud-sp-2.0.x.tgz¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤Æ²¼¤µ¤¤¡£

secioss-idsuite-cloud-sp¥Ñ¥Ã¥±¡¼¥¸¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Þ¤¹¡£
# tar zxvf secioss-idsuite-cloud-sp-3.0.x.tgz
# cd secioss-idsuite-cloud-sp-3.0.x
# ./install.sh install

¤Þ¤¿¡¢¥Ñ¥Ã¥±¡¼¥¸¤ò¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ë¾ì¹ç¤Ï¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
# ./install.sh update

1.3 Basicǧ¾Ú¤ÎÀßÄê

Basicǧ¾Ú¤ÎID/¥Ñ¥¹¥ï¡¼¥É¤òÅÐÏ¿¤·¤Þ¤¹¡£
# htpasswd -c /var/www/conf/.htpasswd <ID>

1.4 ¥í¥°¤ÎÀßÄê

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÈIDƱ´ü¤Î¥í¥°¤Ï¡¢¤½¤ì¤¾¤ìsyslog¤Îlocal5¡¢local4¤Ë½ÐÎϤ·¤Þ¤¹¡£
/etc/syslog.conf¤Ë°Ê²¼¤ÎÀßÄê¤òÄɵ­¤·¤Æ¡¢syslog¥Ç¡¼¥â¥ó¤òºÆµ¯Æ°¤·¤Æ²¼¤µ¤¤¡£

local5.*                                         -/var/log/auth.log
local4.*                                         -/var/log/lism.log

2. ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó

2.1 SAMLǧ¾Ú¤ÎÀßÄê

SAMLǧ¾Ú¡ÊSP¡Ë¤ÎÀßÄê¤ò¹Ô¤¦¤Ë¤Ï¡¢°Ê²¼¤Î¥¹¥¯¥ê¥×¥È¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
# ./config.sh sso
¡¦Ç§¾Ú¥µ¡¼¥Ó¥¹¤ÎURL¡§ ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¹Ô¤¦Ç§¾Ú¥µ¡¼¥Ó¥¹¤ÎURL
  ¢¨https://slink.secioss.com¤Î¾ì¹ç¤ÏÆþÎÏÉÔÍפǤ¹¡£
¡¦¥Æ¥Ê¥ó¥ÈID¡§¡¡Ç§¾Ú¥µ¡¼¥Ó¥¹¤Î¥Æ¥Ê¥ó¥ÈID
¡¦¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎURL¡§ ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óÂоݤΥ¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎURL
  ¢¨¥Ñ¥¹¤Ë¤Ä¤¤¤Æ¤Ï¡¢ºÇ¸å¤Ë"/"¤òÉղ䷤Ʋ¼¤µ¤¤¡£
¡¦¥»¥Ã¥·¥ç¥ó¤Î¥¯¥Ã¥­¡¼Ì¾¡§¡¡¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥»¥Ã¥·¥ç¥ó¤òÊÝ»ý¤¹¤ë¥¯¥Ã¥­¡¼Ì¾
¡¦ ¥Ñ¥¹¥ï¡¼¥É¤ÎƱ´ü[1.¤¹¤ë|2.¤·¤Ê¤¤]¡§¡¡¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Ç¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¥í¥°¥¤¥ó¤·¤¿ºÝ¤Ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤È¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ñ¥¹¥ï¡¼¥É¤òƱ´ü¤¹¤ë¤«¤É¤¦¤«»ØÄꤷ¤Þ¤¹¡£
¡¡¢¨¤³¤Îµ¡Ç½¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ï¡¢”3. IDƱ´ü”¤ÎÀßÄ꤬ºÑ¤ó¤Ç¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
¡¦¥¢¥¯¥»¥¹À©¸Â[1.¤¹¤ë|2.¤·¤Ê¤¤]¡§¡¡¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤È°Û¤Ê¤ë¥Ñ¥¹¥ï¡¼¥É¤ËÊѹ¹¤¹¤ë¤³¤È¤Ç¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥í¥°¥¤¥ó²èÌ̤«¤é¤ÏľÀÜ¥í¥°¥¤¥ó¤Ç¤­¤Ê¤¤¤è¤¦¤Ë¤·¤Þ¤¹¡£Ç§¾Ú¥µ¡¼¥Ó¥¹¤Ç¤³¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËÂФ·¤Æ¥¢¥¯¥»¥¹À©¸æ¤ò¹Ô¤¦¾ì¹ç¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£

¼¡¤ËSAMLǧ¾ÚÍѤÎÈëÌ©¸°¤È¸ø³«¸°¤òºîÀ®¤·¤Þ¤¹¡£
°Ê²¼¤ÏOpenSSL¤Ë¤è¤ëÈëÌ©¸°¤È¸ø³«¸°¤ÎºîÀ®¼ê½ç¤Ç¤¹¡£
­¡ ÈëÌ©¸°¤òºîÀ®¤·¤Þ¤¹¡£
# cd /etc/pki/tls/certs
# make test.key
ÈëÌ©¸°¤«¤é¥Ñ¥¹¥ï¡¼¥É¤òºï½ü¤·¤Þ¤¹¡£
# openssl rsa -in test.key -out test.key

­¢ ¸ø³«¸°¤òºîÀ®¤·¤Þ¤¹¡£
# make test.crt
Country Name (2 letter code) [GB]:JP¡¡←¡¡¹ñ̾
State or Province Name (full name) [Berkshire]:Tokyo¡¡←¡¡ÅÔÆ»Éܸ©Ì¾
Locality Name (eg, city) [Newbury]:Bunkyo¡¡←¡¡»Ô¶èĮ¼̾
Organization Name (eg, company) [My Company Ltd]:TEST, Inc¡¡←¡¡²ñ¼Ò̾
Organizational Unit Name (eg, section) []:¡¡←¡¡¶õENTER
Common Name (eg, your name or your server's hostname) []:sp.test.co.jp¡¡←¡¡¥Û¥¹¥È̾
Email Address []:admin@test.co.jp¡¡←¡¡´ÉÍý¼Ô¥á¡¼¥ë¥¢¥É¥ì¥¹

ÈëÌ©¸°¤Ï¡¢"/usr/share/simplesamlphp/cert/PrivateKey.pem"¤Ë¥³¥Ô¡¼¤·¤Æ¡¢½êÍ­¼Ô¤òapache¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£
# chown apache /usr/share/simplesamlphp/cert/PrivateKey.pem

ºÇ¸å¤ËApache¤òºÆµ¯Æ°¤·¤Æ²¼¤µ¤¤¡£
# /etc/init.d/httpd restart

2.2 ÂåÍýǧ¾Ú¤ÎÀßÄê

¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¼«Æ°¤Ç¥í¥°¥¤¥ó¤¹¤ë¤¿¤á¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£

ÀßÄê¥Õ¥¡¥¤¥ë¤Ï¡¢"/var/www/conf/<¥¢¥×¥ê¥±¡¼¥·¥ç¥ó̾¡ÊÁ´¤Æ¾®Ê¸»ú¡Ë>.ini"¤È¤·¤ÆºîÀ®¤·¤Æ²¼¤µ¤¤¡£
°Ê²¼¤ÏSugarCRMÍѤÎÀßÄêÎã¤Ç¤¹¡£

[url]
login = "https://sp.example.com/SugarCE/index.php?action=Login&module=Users"
back = "/SugarCE/"

[postName]
username = user_name
password = user_password

[postData]
module = Users
action = Authenticate
return_module = Users
return_action = Login
cant_login = ""
login_module = ""
login_action = ""
login_record = ""
login_theme = Sugar
login_language = ja
login_button = "  ¥í¥°¥¤¥ó  "

[postData]¤Ë¤Ï¡¢POST¤¹¤ë¥Ç¡¼¥¿¤ÎÊÑ¿ô̾¤ÈÃͤÎÁȤ߹ç¤ï¤»¤òÀßÄꤷ¤Æ²¼¤µ¤¤¡£   

2.3 Ç§¾Ú¥µ¡¼¥Ó¥¹¤ÎÀßÄê

<ǧ¾Ú¥µ¡¼¥Ó¥¹¤ÎURL>/tenantadmin/¤Ë¥¢¥¯¥»¥¹¤·¤Æ¡¢´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È¤Ç¥í¥°¥¤¥ó¤·¤Þ¤¹¡£
²èÌ̾åÉô¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¥¯¥ê¥Ã¥¯¤·¤«¤é¡¢º¸Â¦¥á¥Ë¥å¡¼¤Î”SAML ¥µ¡¼¥Ó¥¹¥×¥í¥Ð¥¤¥À”¤ò¥¯¥ê¥Ã¥¯¤·¤Æ²¼¤µ¤¤¡£
”¿·µ¬ÅÐÏ¿”¤ò¥¯¥ê¥Ã¥¯¤·¤Æ¡¢SP¤ÎÀßÄê¤òÅÐÏ¿¤·¤Þ¤¹¡£
¡¦¥µ¡¼¥Ó¥¹¡§¡¡¥µ¡¼¥Ó¥¹ID¤òÁªÂò¤·¤Æ²¼¤µ¤¤¡£
¡¦¥µ¡¼¥Ó¥¹Ì¾¡§¡¡SP¤Î¥µ¡¼¥Ó¥¹Ì¾¡ÊǤ°Õ¤ÎÃ͡ˤòÀßÄꤷ¤Æ²¼¤µ¤¤¡£
¡¦URL¡§¡¡2.1¹à¤ÇÀßÄꤷ¤¿¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎURL¤òÀßÄꤷ¤Æ²¼¤µ¤¤¡£
¡¦¥æ¡¼¥¶ID¤Î°À­¡§¡¡SP¤ËÅϤ¹¥æ¡¼¥¶ID¤Î°À­¤òÁªÂò¤·¤Æ²¼¤µ¤¤¡£
¡¦°Å¹æ²½ÍѸø³«¸°¡§¡¡2.1¹à¤ÇºîÀ®¤·¤¿¸ø³«¸°¤òÅÐÏ¿¤·¤Æ²¼¤µ¤¤¡£
¡¦¥µ¡¼¥Ó¥¹¥×¥í¥Ð¥¤¥À¤Î¥Ñ¥¹¥ï¡¼¥É¡§
¡¡- ¤Ê¤·¡§ ¥Ñ¥¹¥ï¡¼¥É¤òÁ÷¿®¤·¤Ê¤¤
¡¡- ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Î¥Ñ¥¹¥ï¡¼¥É¡§ ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Î¥Ñ¥¹¥ï¡¼¥É¤òÁ÷¿®
¡¡- ¥µ¡¼¥Ó¥¹¸ÄÊ̤Υѥ¹¥ï¡¼¥É¡§ ¥µ¡¼¥Ó¥¹¸ÄÊ̤Υѥ¹¥ï¡¼¥É¤òÁ÷¿®
¡¡- ¥é¥ó¥À¥à¥Ñ¥¹¥ï¡¼¥É¡§ ¥é¥ó¥À¥à¤Ê¥Ñ¥¹¥ï¡¼¥É¤òÁ÷¿®
¡¡¢¨¥é¥ó¥À¥à¥Ñ¥¹¥ï¡¼¥É¤òÀßÄꤷ¤¿¾ì¹ç¡¢”2.1 SAMLǧ¾Ú”¤ÎÀßÄê¤Ç”¥¢¥¯¥»¥¹À©¸Â”¤ò”1.¤¹¤ë”¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£ 

3. IDƱ´ü

3.1  IDƱ´ü¤ÎÀßÄê

Identity Suite Cloud¤Ï¡¢LISM¤Ë¤è¤Ã¤ÆÄê´üŪ¤ËSeciosLink¤«¤é¹¹¿·¥Ç¡¼¥¿¤ò¼èÆÀ¤·¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ç¡¼¥¿¥Ù¡¼¥¹¤äLDAP¤Î¥¢¥«¥¦¥ó¥È¤ò¹¹¿·¤·¤Þ¤¹¡£

ºÇ½é¤Ë¡¢°Ê²¼¤Î¥¹¥¯¥ê¥×¥È¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
# ./config.sh idm
¡¦Åý¹çID´ÉÍý¥µ¡¼¥Ó¥¹¤ÎURL¡§ Åý¹çID´ÉÍý¥µ¡¼¥Ó¥¹¤ÎURL
  ¢¨https://slink.secioss.com¤Î¾ì¹ç¤ÏÆþÎÏÉÔÍפǤ¹¡£
¡¦¥Æ¥Ê¥ó¥ÈID¡§¡¡Åý¹çID´ÉÍý¥µ¡¼¥Ó¥¹¤Î¥Æ¥Ê¥ó¥ÈID
¡¦´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È̾¡§¡¡Åý¹çID´ÉÍý¥µ¡¼¥Ó¥¹¤ËÀܳ¤¹¤ë´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È̾
¡¦´ÉÍý¼Ô¥Ñ¥¹¥ï¡¼¥É¡§¡¡´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È¤Î¥Ñ¥¹¥ï¡¼¥É
¡¦Æ±´ü¤ÎÊý¸þ[1.Åý¹çID´ÉÍý -> ¥µ¡¼¥Ó¥¹|2.¥µ¡¼¥Ó¥¹ -> Åý¹çID´ÉÍý]
¡¡¢¨2¤òÁªÂò¤·¤¿¾ì¹ç¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¦¤ÎDB¤¬ID¤Î¸¶ËܤȤʤê¤Þ¤¹¡£
°Ê²¼¤Ï¡¢Æ±´ü¤ÎÊý¸þ¤Ç1¤òÁªÂò¤·¤¿¾ì¹ç¤Î¤ß¡¢ÀßÄꤷ¤Þ¤¹¡£
¡¦¥µ¡¼¥Ó¥¹ID¡§¡¡2.3¹à¤Î¥µ¡¼¥Ó¥¹ID¡Ê¥Æ¥Ê¥ó¥ÈID¤Ï½ü¤¯¡Ë
¡¦¥æ¡¼¥¶ID¤Î°À­ [1.¥æ¡¼¥¶ID|2.¥æ¡¼¥¶ID@¥Æ¥Ê¥ó¥ÈID|3.¥á¡¼¥ë¥¢¥É¥ì¥¹|4.¼Ò°÷ÈÖ¹æ|5.¥µ¡¼¥Ó¥¹¸ÄÊÌ¤Î¥í¥°¥¤¥óID]¡§¡¡ IDƱ´üÂоݤΥ¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥æ¡¼¥¶ID¤Ë»ÈÍѤ¹¤ë°À­¤òÈÖ¹æ¤Ç»ØÄê

LISM¤ÎÀßÄê¥Õ¥¡¥¤¥ë¡ÊƱ´ü¤ÎÊý¸þ¤¬1¤Î¾ì¹ç/opt/secioss/etc/lism.conf¡¢2¤Î¾ì¹ç/opt/secioss/etc/lism-idp.conf¡Ë¤Ë¡¢¹¹¿·ÂоݤΥǡ¼¥¿¥Ù¡¼¥¹¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£
http://<¥Û¥¹¥È̾>/lism/ ¤Ë¥¢¥¯¥»¥¹¤·¤Æ¡¢¥Ç¡¼¥¿¥Ù¡¼¥¹¤ÎÀßÄê¤ÈLDAP¤Î°À­¤ÈDB¤Î¥Õ¥£¡¼¥ë¥É¤Î¥Þ¥Ã¥Ô¥ó¥°¤ò¹Ô¤¤¡¢Åý¹çID´ÉÍý¥µ¡¼¥Ó¥¹¤ÈƱ´ü¤¹¤ë°À­¤Ë¥Á¥§¥Ã¥¯¤ò¤·¤Æ²¼¤µ¤¤¡£

³Æ°À­¤Î°ÕÌ£¤Ï°Ê²¼¤Ë¤Ê¤ê¤Þ¤¹¡£ 
¡¦primary key¡§ DB¤Î¥×¥é¥¤¥Þ¥ê¥­¡¼
¡¦uid¡§ ¥æ¡¼¥¶ID
¡¦cn¡§ »á̾
¡¦sn¡§ À«
¡¦givenname¡§ ̾
¡¦cn;lang-ja;phonetic¡§ »á̾¡Ê¤«¤Ê¡Ë
¡¦sn;lang-ja;phonetci¡§ À«¡Ê¤«¤Ê¡Ë
¡¦givenname;lang-ja;phonetic¡§ ̾¡Ê¤«¤Ê¡Ë
¡¦mail¡§ ¥á¡¼¥ë¥¢¥É¥ì¥¹
¡¦userpassword¡§ ¥Ñ¥¹¥ï¡¼¥É
¡¦createtimestamp¡§ ÅÐÏ¿Æü»þ
¡¦modifytimestamp¡§ ¹¹¿·Æü»þ
"primary key"¡¢"uid"¡¢"sn"¤Ë¤Ä¤¤¤Æ¤Ï¡¢É¬¤ºDB¤Î¥Õ¥£¡¼¥ë¥É¤È¤Î¥Þ¥Ã¥Ô¥ó¥°¤ò¹Ô¤Ã¤Æ²¼¤µ¤¤¡£
 ¤µ¤é¤Ë¡¢"sn"¤Ë¤Ä¤¤¤Æ¤Ï¡¢É¬¤ºÆ±´ü¤Ë¥Á¥§¥Ã¥¯¤ò¤·¤Æ²¼¤µ¤¤¡£

lism.conf¡¢¤Þ¤¿¤Ïlism-idp.conf¤ÎÀßÄê¤Ç¡¢ÀßÄê²èÌ̤«¤éÀßÄê¤Ç¤­¤Ê¤¤¹àÌܤ¬¤¢¤ë¾ì¹ç¤Ï¡¢Ä¾ÀÜÀßÄê¥Õ¥¡¥¤¥ë¤ò½¤Àµ¤·¤Æ²¼¤µ¤¤¡£LISM¤ÎÀßÄêÊýË¡¤Ë¤Ä¤¤¤Æ¤Ï¡¢LISM¤Î¥µ¥¤¥È¤ò¤´Í÷²¼¤µ¤¤¡£ 

SugarCRM¤òÎã¤È¤·¤ÆLISM¤ÎÀßÄê¤òÎ㼨¤·¤Þ¤¹¡£ 

lism.conf

<config>
  <sync>
    <data name="SP">
      <object name="User">
        <syncdn>ou=People</syncdn>
        <syncfilter>(&amp;(!(seciossAccountStatus=deleted))(&amp;(objectClass=inetOrgPerson)(|(seciossAllowedService=sp01-secioss.co.jp)(seciossAllowedService;x-perm-group=sp01-secioss.co.jp))))</syncfilter>
        <syncattr>
          <name>sn</name>
        </syncattr>
        <syncattr>
          <name>givenName</name>
        </syncattr>
        <syncattr>
          <name>sn;lang-ja;phonetic</name>
        </syncattr>
        <syncattr>
          <name>givenName;lang-ja;phonetic</name>
        </syncattr>
        <syncattr>
          <name>mail</name>
        </syncattr>
      </object>
    </data>
  </sync>
  <data name="SP">
    <container>
      <oc>organizationalUnit</oc>
      <rdn>o=SP</rdn>
    </container>
    <handler name="Rewrite">
      <rewrite context="request" match="createtimestamp: *([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})Z" substitution="createtimestamp: %1-%2-%3 %4:%5:%6"/>
      <rewrite context="searchResult" match="createtimestamp: *([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})" substitution="createtimestamp: %1%2%3%4%5%6Z"/>
      <rewrite context="request" match="modifytimestamp: *([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})Z" substitution="modifytimestamp: %1-%2-%3 %4:%5:%6"/>
      <rewrite context="searchResult" match="modifytimestamp: *([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})" substitution="modifytimestamp: %1%2%3%4%5%6Z"/>
    </handler>
    <storage name="SQL" hash="MD5:hex">
      <libload>LISM/Utils/lism_util.pl</libload>
      <libload>LISM/Utils/lism_sugarcrm.pl</libload>
      <dsn>DBI:mysql:sugarcrm:localhost</dsn>
      <admin>admin</admin>
      <passwd>secret</passwd>
      <initquery>set names utf8</initquery>
      <noop>delete</noop>
      <object name="User">
        <container>
          <rdn>ou=People</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <table>users</table>
        <id>
          <column>id</column>
        </id>
        <oc>Person</oc>
        <oc>inetOrgPerson</oc>
        <oc>seciossIamAccount</oc>
        <rdn>uid</rdn>
        <attr name="uid">
          <column>user_name</column>
        </attr>
        <attr name="cn">
          <selexpr>ifnull(concat(last_name, ' ', first_name), last_name)</selexpr>
        </attr>
        <attr name="sn">
          <column>last_name</column>
        </attr>
        <attr name="givenname">
          <column>first_name</column>
        </attr>
        <attr name="title">
          <column>title</column>
        </attr>
        <attr name="department">
          <column>department</column>
        </attr>
        <attr name="userpassword">
          <column>user_hash</column>
        </attr>
        <attr name="homephone">
          <column>phone_home</column>
        </attr>
        <attr name="telephonenumber">
          <column>phone_work</column>
        </attr>
        <attr name="mobile">
          <column>phone_mobile</column>
        </attr>
        <attr name="facsimiletelephonenumber">
          <column>phone_fax</column>
        </attr>
        <attr name="ipphone">
          <column>phone_other</column>
        </attr>
        <attr name="street">
          <column>address_street</column>
        </attr>
        <attr name="l">
          <column>address_city</column>
        </attr>
        <attr name="st">
          <column>address_state</column>
        </attr>
        <attr name="c">
          <column>address_country</column>
        </attr>
        <attr name="postalcode">
          <column>address_postalcode</column>
        </attr>
        <attr name="createtimestamp">
          <column>date_entered</column>
        </attr>
        <attr name="modifytimestamp">
          <column>date_modified</column>
        </attr>
        <attr name="description">
          <column>description</column>
        </attr>
        <attr name="mail">
          <selexpr>email_address</selexpr>
          <fromtbls>email_addresses,email_addr_bean_rel</fromtbls>
          <joinwhere>email_addr_bean_rel.bean_id = users.id and email_addr_bean_rel.email_address_id = email_addresses.id</joinwhere>
          <addproc>insert into email_addresses values('%{createGuid()}', '%a', upper('%a'), 0, 0, now(), now(), 0)</addproc>
          <addproc>set @paddr=if((select count(*) from email_addr_bean_rel where bean_id = '%o'), 0, 1)</addproc>
          <addproc>insert into email_addr_bean_rel values('%{createGuid()}', (select id from email_addresses where email_addr
ess = '%a'), '%o', 'Users', @paddr, if(@paddr, 0, 1), now(), now(), 0)</addproc>
          <delproc>set @mailid=(select id from email_addresses where email_address = '%a' and id in (select email_address_id from email_addr_bean_rel where bean_id = '%o'))</delproc>
          <delproc>delete from email_addresses where id = @mailid</delproc>
          <delproc>delete from email_addr_bean_rel where bean_id = '%o' and email_address_id = @mailid</delproc>
        </attr>
        <attr name="manager">
          <oname>User</oname>
          <where>id = (select reports_to_id from users where id = '%o')</where>
          <addproc>update users set reports_to_id = '%a' where id = '%o'</addproc>
          <delproc>update users set reports_to_id = null where id = '%o'</delproc>
        </attr>
        <strginfo>
          <column>id</column>
          <value type="function">createGuid()</value>
        </strginfo>
        <strginfo>
          <column>status</column>
          <value type="constant">Active</value>
          <delproc>update users set status = 'Inactive' where id = '%o'</delproc>
        </strginfo>
        <strginfo>
          <addproc>insert into user_preferences values('%{createGuid()}', 'global', 0, now(), now(), '%o', '%{encode_base64(getFileContents("/opt/secioss/etc/sugarcrm-userpref.txt"), "")}')</addproc>
        </strginfo>
      </object>
    </storage>
  </data>
</config>

ÀßÄê¤Î³Îǧ¤Ï¡¢LISM¥µ¡¼¥Ð¤Î¥Ç¡¼¥â¥ó¤òµ¯Æ°¤·¤Æ¡¢¥Ç¡¼¥¿¤Î¸¡º÷¤ä¹¹¿·¤òLISM¤ËÂФ·¤Æ¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
¥Ç¡¼¥â¥ó¤òµ¯Æ°¤¹¤ë¾ì¹ç¤Ï¡¢°ì»þŪ¤Ë"<oc>seciossIamAccount</oc>"¤Î¹Ô¤ò¥³¥á¥ó¥È¥¢¥¦¥È¤·¤Æ²¼¤µ¤¤¡£
# cp /opt/secioss/etc/openldap/slapd.conf.lism /opt/secioss/etc/openldap/slapd.conf
# /opt/secioss/sbin/slapd -h ldap://:3890 -u ldap -d256
# ldapseach -H ldap://:3890 -b 'dc=lism,dc=com'  # ¸¡º÷¤Î¾ì¹ç

4. Æ°ºî³Îǧ

4.1 IDƱ´ü¤Î³Îǧ

4.1.1 Åý¹çID´ÉÍý¥µ¡¼¥Ó¥¹->¥¢¥×¥ê¥±¡¼¥·¥ç¥ó

”3.1 IDƱ´ü¤ÎÀßÄꔤÎƱ´ü¤ÎÊý¸þ¤Ç”1.Åý¹çID´ÉÍý -> ¥µ¡¼¥Ó¥¹”¤òÁªÂò¤·¤¿¾ì¹ç¤Ë¡¢°Ê²¼¤Îºî¶È¤ò¹Ô¤Ã¤Æ²¼¤µ¤¤¡£
Åý¹çID´ÉÍý¥µ¡¼¥Ó¥¹¤«¤éID¤Î¹¹¿·¥Ç¡¼¥¿¤ò¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËƱ´ü¤·¤Þ¤¹¡£
¡¡# /opt/secioss/sbin/idsync sp

¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËÂФ¹¤ë¥Ç¡¼¥¿¤Î¹¹¿·¤Ï¹Ô¤ï¤º¤Ë¡¢¹¹¿·¥Ç¡¼¥¿¤Î³Îǧ¤Î¤ß¤·¤¿¤¤¾ì¹ç¤Ï¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¡¢"/opt/secioss/var/lib/csv/user.csv"¤ÎÆâÍƤò³Îǧ¤·¤Æ²¼¤µ¤¤¡£
¡¡# /opt/secioss/sbin/idsync -n sp

¤Þ¤¿¡¢º¹Ê¬¥Ç¡¼¥¿¤Î¥Á¥§¥Ã¥¯¤Î¤ß¹Ô¤¦¾ì¹ç¤Ï¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
¡¡# perl C:\opt\secioss\sbin\idsync -r sp

Àµ¾ï¤Ë¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËÂФ·¤ÆID¤ÎƱ´ü¤¬¹Ô¤¨¤ë¤³¤È¤ò³Îǧ¤Ç¤­¤¿¤é¡¢cron¤Ë1»þ´Ö¤Ë1²ó "/opt/secioss/sbin/idsync sp"¤ò¼Â¹Ô¤¹¤ë¤è¤¦¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£

4.1.2 ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó->Åý¹çID´ÉÍý¥µ¡¼¥Ó¥¹

”3.1 IDƱ´ü¤ÎÀßÄꔤÎƱ´ü¤ÎÊý¸þ¤Ç¡¢”2.¥µ¡¼¥Ó¥¹ -> Åý¹çID´ÉÍý”¤òÀßÄꤷ¤¿¾ì¹ç¡¢°Ê²¼¤Îºî¶È¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤«¤éID¤Îº¹Ê¬¥Ç¡¼¥¿¤òÅý¹çID´ÉÍý¥µ¡¼¥Ó¥¹¤ËƱ´ü¤·¤Þ¤¹¡£
¡¡# /opt/secioss/sbin/idsync idp

¤Þ¤¿¡¢º¹Ê¬¥Ç¡¼¥¿¤Î¥Á¥§¥Ã¥¯¤Î¤ß¹Ô¤¦¾ì¹ç¤Ï¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
¡¡# perl C:\opt\secioss\sbin\idsync -r idp 

4.2 ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Î³Îǧ  

"<¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎURL>/sso/autologin.php?sso_app=<2.2¹à¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó̾>"¤Ë¥¢¥¯¥»¥¹¤·¤Æ¡¢¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¹¤ë¤³¤È¤ò³Îǧ¤·¤Æ²¼¤µ¤¤¡£

5. OAuth 2.0 + Restful API

OAuth 2.0 + Restful API¤òÀßÄꤹ¤ëÁ°¤Ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÈIDƱ´ü¤ÎÀßÄ꤬´°Î»¤·¤Æ¤¤¤ë¤â¤Î¤È¤·¤Þ¤¹¡£

5.1  OAuth¤ÎÀßÄê

ºÇ½é¤ËOAuthÍѤΥǡ¼¥¿¥Ù¡¼¥¹¤òºîÀ®¤·¤Þ¤¹¡£
¥Ç¡¼¥¿¥Ù¡¼¥¹¥µ¡¼¥Ð¤¬mysql¤Î¾ì¹ç¡¢°Ê²¼¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
# cd secioss-idsuite-cloud-sp-2.0.x
# mysql --user=<DB¥æ¡¼¥¶> --password=<DB¥Ñ¥¹¥ï¡¼¥É>
mysql> create database oauth2;
mysql> use oauth2;
mysql> source ./src/oauth2/mysql_create_tables.sql

¼¡¤ËOAuth¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£
# ./config.sh oauth
¡¦¥Ç¡¼¥¿¥Ù¡¼¥¹¤Î¼ïÎà[1. mysql|2. PostgreSQL]¡§¡¡¥Ç¡¼¥¿¥Ù¡¼¥¹¥µ¡¼¥Ð¤Î¼ïÎà
¡¦¥Ç¡¼¥¿¥Ù¡¼¥¹¤Î¥Û¥¹¥È̾¡§¡¡¥Ç¡¼¥¿¥Ù¡¼¥¹¥µ¡¼¥Ð¤Î¥Û¥¹¥È̾
¡¦¥Ç¡¼¥¿¥Ù¡¼¥¹¤Î¥æ¡¼¥¶¡§¡¡¥Ç¡¼¥¿¥Ù¡¼¥¹¤ËÀܳ¤¹¤ë¥æ¡¼¥¶
¡¦¥Ç¡¼¥¿¥Ù¡¼¥¹¤Î¥Ñ¥¹¥ï¡¼¥É¡§¡¡¥Ç¡¼¥¿¥Ù¡¼¥¹¤ËÀܳ¤¹¤ë¥Ñ¥¹¥ï¡¼¥É

5.2  Restful API¤ÎÀßÄê

Restful API¤«¤é¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ç¡¼¥¿¤ò»²¾È²Äǽ¤È¤¹¤ëÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£
°Ê²¼¤ÏMosP¤Î¶ÐÂÕ¾ðÊó¤ò»²¾È²Äǽ¤È¤¹¤ëÀßÄê¤Ç¤¹¡£

/opt/secioss/etc/lism_rest.conf

<config>
  <data name="MosP">
    <container>
      <oc>organization</oc>
      <rdn>ou=MosP</rdn>
    </container>
    <storage name="SQL" hash="MD5:hex:2">
      <libload>LISM/Utils/lism_util.pl</libload>
      <dsn>DBI:Pg:dbname=mospv4;host=localhost</dsn>
      <admin>usermosp</admin>
      <passwd>passmosp</passwd>
      <object name="User">
        <noop>add</noop>
        <noop>modify</noop>
        <noop>delete</noop>
        <table>pfm_user</table>
        <id>
          <column>pfm_user_id</column>
        </id>
        <oc>user</oc>
        <rdn>uid</rdn>
        <attr name="uid">
          <column>user_id</column>
        </attr>
      </object>
      <object name="Attendance">
        <container>
          <oname>User</oname>
          <joinwhere>pfm_user.personal_id = tmd_attendance.personal_id</joinwhere>
        </container>
        <subcontainer>
          <rdn>ou=Attendances</rdn>
          <oc>organizationalUnit</oc>
        </subcontainer>
        <noop>add</noop>
        <noop>modify</noop>
        <noop>delete</noop>
        <table>tmd_attendance</table>
        <id>
          <column>tmd_attendance_id</column>
        </id>
        <sort>work_date</sort>
        <oc>attendance</oc>
        <rdn>work_date</rdn>
        <attr name="work_date">
          <column>work_date</column>
          <type>date</type>
        </attr>
        <attr name="start_time">
          <column>start_time</column>
        </attr>
        <attr name="end_time">
          <column>end_time</column>
        </attr>
        <attr name="work_type">
          <selexpr>tmm_work_type.work_type_name</selexpr>
          <fromtbls>tmm_work_type</fromtbls>
          <joinwhere>tmd_attendance.work_type_code = tmm_work_type.work_type_code</joinwhere>
        </attr>
        <attr name="rest">
          <selexpr>rest_start || ' ' || rest_end</selexpr>
          <fromtbls>tmd_rest</fromtbls>
          <joinwhere>tmd_attendance.personal_id = tmd_rest.personal_id and tmd_attendance.work_date = tmd_rest.work_date</joinwhere>
        </attr>
      </object>
    </storage>
  </data>
</config>

Restful API¤Î¥Ñ¥¹¤ò"/cgi-bin/lism/attendance.cgi"¤È¤¹¤ë¾ì¹ç¡¢°Ê²¼¤ÎÀßÄê¤ò¹Ô¤Ã¤Æ²¼¤µ¤¤¡£
/etc/httpd.conf¤ÎÂÀ»ú¤Î²Õ½ê¤ò½¤Àµ¤·¤Æ²¼¤µ¤¤¡£

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Options FollowSymLinks
    Order allow,deny
    Allow from all
</Directory>

/var/www/cgi-bin/lism/lism_restapi.conf¤Ë°Ê²¼¤ÎÀßÄê¤òÄɵ­¤·¤Æ²¼¤µ¤¤¡£
attendancedn "ou=Attendances,uid=%u,ou=MosP"

Restful APIÍѤΥ·¥ó¥Ü¥ê¥Ã¥¯¥ê¥ó¥¯¤òºîÀ®¸å¡¢httpd¤òºÆµ¯Æ°¤·¤Æ²¼¤µ¤¤¡£
# cd /var/www/cgi-bin/lism
# ln -s lism_rest.cgi attendance.cgi
# /etc/init.d/httpd restart

5.3  Àܳ³Îǧ

Restful APIÀܳ³ÎǧÍѤΥ¹¥¯¥ê¥×¥È¤òWeb¥µ¡¼¥Ð¤ËÇÛÃÖ¤·¤Æ²¼¤µ¤¤¡£
URL¤Ï¡¢https://<¥Û¥¹¥È̾>/oauth_client.php¤È¤·¤Þ¤¹¡£

oauth_client.php

<?php
   $app_id = "test";
   $app_secret = "test";
   $my_url = "https://<¥Û¥¹¥È̾>/oauth_client.php";

   session_start();
   $code = $_REQUEST["code"];

   if(empty($code)) {
     $_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
     $url = "https://<Restful API¤Î¥Û¥¹¥È̾>/path/oauth/authorize.php?client_id="
       . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
       . $_SESSION['state'];

     echo("<script> top.location.href='" . $url . "'</script>");
   }

   if($_REQUEST['state'] == $_SESSION['state']) {
     if (!isset($_SESSION['access_token'])) {
         $url = "https://<Resutful API¤Î¥Û¥¹¥È̾>/path/oauth/token.php?"
           . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
           . "&client_secret=" . $app_secret . "&code=" . $code;

         $response = file_get_contents($url);
         $params = null;
         $params = json_decode($response);
         $_SESSION['access_token'] = $params->access_token;
     }

     $url = "https://<Restful API¤Î¥Û¥¹¥È̾>/cgi-bin/lism/attendance.cgi?oauth_token=".$_SESSION['access_token']."&action=search&filter=".urlencode("(work_date>=20xx-yy-zz)");

     $response = file_get_contents($url);
     $json_res = json_decode($response);
     for ($i = 0; $i < count($json_res->entries); $i++) {
         print("ÆüÉÕ: ".$json_res->entries[0]->work_date[$i]."<br>");
         print("³«»Ï: ".$json_res->entries[0]->start_time[$i]."<br>");
         print("½ªÎ»: ".$json_res->entries[0]->end_time[$i]."<br>");
         print("<br>");
     }
   } else {
     echo("The state does not match. You may be a victim of CSRF.");
   }
?>

¼¡¤Ëhttps://<Restful API¤Î¥Û¥¹¥È̾>/path/oauth/addclient.php¤«¤é¡¢¥¯¥é¥¤¥¢¥ó¥È¤È¤·¤ÆÀܳ³ÎǧÍѤΥ¹¥¯¥ê¥×¥È¤òÅÐÏ¿¤·¤Æ²¼¤µ¤¤¡£
¡¦Client ID: ¥¹¥¯¥ê¥×¥È¤Î$app_id¤ÎÃÍ
¡¦Client Secret: ¥¹¥¯¥ê¥×¥È¤Î$app_secret¤ÎÃÍ
¡¦Redirect URL:  ¥¹¥¯¥ê¥×¥È¤Î$my_url¤ÎÃÍ

https://<¥Û¥¹¥È̾>/oauth_client.php¤Ë¥¢¥¯¥»¥¹¤¹¤ë¤È¡¢¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Î¥í¥°¥¤¥ó²èÌ̤¬É½¼¨¤µ¤ì¤Þ¤¹¤Î¤Ç¡¢¥í¥°¥¤¥ó¤·¤Æ²¼¤µ¤¤¡£
¥í¥°¥¤¥ó¤·¤¿¥æ¡¼¥¶¤Î¶ÐÂÕ¾ðÊó¤¬É½¼¨¤µ¤ì¤ì¤ÐÀܳÀ®¸ù¤Ç¤¹¡£

¥»¥·¥ª¥¹¤Ç¤Ï¡¢OpenLDAP¡¢Shibboleth¡¢mod_auth_tktÅù¤Î¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤ò³èÍѤ·¤¿¥ª¡¼¥×¥ó¥½¡¼¥¹¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¥½¥ê¥å¡¼¥·¥ç¥ó¡ÖSecioss Access Manager Community Edition¡×¤ò¤´Ä󶡤¤¤¿¤·¤Þ¤¹¡£

Secioss Access Manager Community Edition¤Ï¡¢GPL¤È¾¦Íѥ饤¥»¥ó¥¹¤Î¥Ç¥å¥¢¥ë¥é¥¤¥»¥ó¥¹¡ÊShibbolethÅù¼ýÏ¿¤·¤Æ¤¤¤ë¥½¥Õ¥È¥¦¥§¥¢¤Î¥é¥¤¥»¥ó¥¹¤Ï¤½¤ì¤¾¤ì¤Î¤â¤Î¤Ë½àµò¤·¤Þ¤¹¡Ë¤Ç¡¢°Ê²¼¤«¤é¥À¥¦¥ó¥í¡¼¥É¤Ç¤­¤Þ¤¹¡£
¡¦¥À¥¦¥ó¥í¡¼¥É¡§ http://sourceforge.jp/projects/secioss-auth/releases/

¥¯¥¤¥Ã¥¯¥¹¥¿¡¼¥È¥¬¥¤¥É¤ò¤´Í÷ĺ¤¯¤È¡¢´Êñ¤ËGoogle Apps¤ÈSalesforce¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò´Ä¶­¤ò¹½ÃÛ¤¤¤¿¤À¤±¤Þ¤¹¡£

¥ª¡¼¥×¥ó¥½¡¼¥¹¤ò³èÍѤ¹¤ë¤³¤È¤Ç¡¢ ¥·¥ó¥×¥ë¤«¤Ä¥«¥¹¥¿¥Þ¥¤¥ºÀ­¤Î¹â¤¤¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¥×¥é¥Ã¥È¥Õ¥©¡¼¥à¤ò¼Â¸½¤¤¤¿¤·¤Þ¤¹¡£ ¤ªµÒÍͤÎÍ×˾¤Ë¹ç¤ï¤»¤Æ¡¢´ë¶È¥·¥¹¥Æ¥à¤Ø¤ÎƳÆþ¤ä¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ø¤ÎÁȤ߹þ¤ß¤Ë½ÀÆð¤ËÂбþ¤·¡¢¥»¥­¥å¥ê¥Æ¥£¤Î¶¯²½¤ä¥æ¡¼¥¶¤ÎÍøÊØÀ­¸þ¾å¤Ë¹×¸¥¤¤¤¿¤·¤Þ¤¹¡£

¤µ¤é¤Ë¡¢ÊÀ¼Ò¤ÎÅý¹çID´ÉÍý¥½¥ê¥å¡¼¥·¥ç¥ó¡ÖSecioss Identity Manager¡×¤ÈÁȤ߹ç¤ï¤»¤Æ¤¤¤¿¤À¤¯¤³¤È¤Ç¡¢ID¤ä¥¢¥¯¥»¥¹¸¢¸Â¤Î°ì¸µ´ÉÍý¤¬²Äǽ¤È¤Ê¤ê¡¢¤è¤ê¶¯¸Ç¤Ê¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó´Ä¶­¤ò¹½ÃÛ¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¥·¥¹¥Æ¥à¹½À®

Secioss Access Manager Community Edition

¼ÒÆâ¤Î¥·¥¹¥Æ¥à¤ËÂФ¹¤ëWeb¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤È¥°¥ë¡¼¥×¤Ë¤è¤ë¥¢¥¯¥»¥¹À©¸æ¤ò¹Ô¤¦¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£Web¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Ç¤Ï¡¢¥·¥¹¥Æ¥à¤Ë¥í¥°¥¤¥ó½èÍý¤¬É¬Íפʾì¹ç¤Ç¤â¡¢ÂåÍýǧ¾Úµ¡Ç½¤Ë¤è¤Ã¤ÆSecioss Access Manager Community Edition¤¬¼«Æ°Åª¤Ë¥í¥°¥¤¥ó¤ò¹Ô¤¤¤Þ¤¹¡£¤Þ¤¿¡¢Åý¹çWindowsǧ¾Úµ¡Ç½¤ò»ÈÍѤ¹¤ë¤³¤È¤Ç¡¢Windows¤Î¥í¥°¥¤¥ó¤È¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤òÏ¢·È¤µ¤»¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

ÆÃħ

• Secioss Access Manager Community Edition¤Ø¥í¥°¥¤¥ó¤¹¤ë¤À¤±¤Ç¡¢³Æ¥·¥¹¥Æ¥à¤Ø¤Î¥¢¥¯¥»¥¹¤¬²Äǽ¤Ç¤¹¡£

• ¥ê¥Ð¡¼¥¹¥×¥í¥­¥·Êý¼°¡¢¥¨¡¼¥¸¥§¥ó¥ÈÊý¼°¤Ë²Ã¤¨¤Æ¡¢Shibboleth¡¢SAML¤äOpenID¤Ë¤è¤ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ËÂбþ¤·¤Æ¤¤¤Þ¤¹¡£ 

• ID¡¦¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¤Î¾¤ËÅý¹çWindowsǧ¾Ú¡¢¥¯¥é¥¤¥¢¥ó¥È¾ÚÌÀ½ñ¡¢¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¡¢·ÈÂÓÅÅÏäθÄÂμ±ÊÌÈÖ¹æǧ¾Ú¤ËÂбþ¤·¤Æ¤¤¤Þ¤¹¡£

• Åý¹çWindowsǧ¾Ú¤Ë¤è¤êWindows¥Þ¥·¥ó¤Ë¥í¥°¥¤¥ó¤¹¤ë¤À¤±¤Ç¡¢¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£

• ·ÈÂÓÅÅÏ䫤饷¥¹¥Æ¥à¤Ø¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Ë¤âÂбþ¤·¤Æ¤¤¤Þ¤¹¡£

• ¥·¥¹¥Æ¥à¤ËÂФ¹¤ë¥¢¥¯¥»¥¹¤ò¡¢ÆÃÄê¤Î¥°¥ë¡¼¥×¤Ë½ê°¤¹¤ë¥æ¡¼¥¶¤ËÀ©¸Â¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¸ú²Ì

• ¥·¥¹¥Æ¥à¤Ø¥í¥°¥¤¥ó¤¹¤ë¼ê´Ö¤ò¾Ê¤¯¤³¤È¤Ç¡¢¥æ¡¼¥¶¤ÎÀ¸»ºÀ­¤¬¸þ¾å¤·¤Þ¤¹¡£

• ¥æ¡¼¥¶¤Ï¥Ñ¥¹¥ï¡¼¥É¤ò£±¤Ä´ÉÍý¤¹¤ì¤Ð¤è¤¯¡¢¥Ñ¥¹¥ï¡¼¥É˺¤ì¤Ë¤è¤ë¥Ñ¥¹¥ï¡¼¥É¤ÎºÆȯ¹Ô¤òºï¸º¤Ç¤­¤Þ¤¹¡£

• ǧ¾Ú¤ä¥¢¥¯¥»¥¹À©¸æ¤ò°ì¸µÅª¤Ë´ÉÍý¤·¡¢¼ÒÆ⥷¥¹¥Æ¥à¤ËÅý°ìŪ¤Ê¥»¥­¥å¥ê¥Æ¥£¥Ý¥ê¥·¡¼¤òŬÍѤǤ­¤Þ¤¹¡£

ÂбþOS

• Red Hat Enterprise Linux 5

• CentOS 5

Âбþ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó

¼¡¤ÎWeb¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤È¤ÎÏ¢·È¤¬²Äǽ¤Ç¤¹¡£
¤½¤Î¾¤ÎWeb¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¤Ä¤¤¤Æ¤âÂбþ²Äǽ¤Ç¤¹¤Î¤Ç¡¢¤´ÁêÃ̲¼¤µ¤¤¡£

• ¥°¥ë¡¼¥×¥¦¥§¥¢
  ¡¡¡¦Aipo
  ¡¡¡¦¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó£²

• ¶ÐÂÕ´ÉÍý
  ¡¡¡¦MosP

• SaaS¥µ¡¼¥Ó¥¹
  ¡¡¡¦Salesforce
  ¡¡¡¦Google Apps

• ¥Ý¡¼¥¿¥ë
  ¡¡¡¦NetCommons
  ¡¡¡¦XOOPS Cube

• ¥Ö¥í¥°
  ¡¡¡¦MovableType

• CRM
  ¡¡¡¦SugarCRM

• ¥¢¥ó¥±¡¼¥È¥·¥¹¥Æ¥à
  ¡¡¡¦LimeSurvey

¥µ¥Ý¡¼¥È

¥µ¥Ý¡¼¥È¡¦¥µ¡¼¥Ó¥¹¤òÄ󶡤·¤Æ¤¤¤Þ¤¹¡£ 

¥µ¥Ý¡¼¥È¡¦¥µ¡¼¥Ó¥¹¤ÎÆâÍƤϰʲ¼¤Ë¤Ê¤ê¤Þ¤¹¡£

• À½ÉʤΥ¤¥ó¥¹¥È¡¼¥ëÊýË¡¡¢ÀßÄêÊýË¡¡¢µ¡Ç½¤Ë´Ø¤¹¤ë¥á¡¼¥ë¤Ë¤è¤ë¥Þ¥Ë¥å¥¢¥ë¥ì¥Ù¥ë¤ÎÌ䤤¹ç¤ï¤»Âбþ

• ¥á¡¼¥ë¤Ç¤Î¥ª¥Õ¥µ¥¤¥È¾ã³²Ä´ºº 

• À½ÉʤΥС¼¥¸¥ç¥ó¥¢¥Ã¥×ÈǤÎÄó¶¡

Ìä¹ç¤»

ËÜ¥½¥Õ¥È¥¦¥§¥¢¤Ë´Ø¤¹¤ë¤ªÌä¹ç¤»¤Ï¤³¤Á¤é¤«¤é¤ª´ê¤¤¤·¤Þ¤¹¡£

´Ä¶­

¡¦OS¡§ CentOS 5
¡¦LDAP¥µ¡¼¥Ð¡§¡¡OpenLDAP 2.3.43¡ÊCentOS 5Ʊº­¤Î¤â¤Î¡Ë

¥¤¥ó¥¹¥È¡¼¥ë

»öÁ°½àÈ÷

ºÇ½é¤Ë°Ê²¼¤Îrpm¥Ñ¥Ã¥±¡¼¥¸¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£
¡¦libxml2-devel
¡¦libtool-ltdl
¡¦unixODBC
¡¦httpd
¡¦mod_perl
¡¦perl-LDAP
¡¦perl-DBI
¡¦perl-DBD-Pg
¡¦perl-libwww-perl
¡¦php-pear
¡¦php-mysql
¡¦php-xml
¡¦words.noarch

¥Ñ¥¹¥ï¡¼¥É¶¯ÅÙ¥Á¥§¥Ã¥¯ÍѤμ­½ñ¥Õ¥¡¥¤¥ë¤òºîÀ®¤·¤Þ¤¹¡£
 # create-cracklib-dict /usr/share/dict/linux.words

OS¤Î»þ´Ö¤òÀµ¤·¤¤»þ¹ï¤Ë¹ç¤ï¤»¤Þ¤¹¡£
 # ntpdate ntp.nict.jp

Access Manager¤Î¥¤¥ó¥¹¥È¡¼¥ë

°Ê²¼¤ÎURL¤«¤éAccess Manager¤Î¥Ñ¥Ã¥±¡¼¥¸¥Õ¥¡¥¤¥ë¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤Æ²¼¤µ¤¤¡£
¡¦Secioss Access Manager Community Edition

¥À¥¦¥ó¥í¡¼¥É¤·¤¿¥Ñ¥Ã¥±¡¼¥¸¥Õ¥¡¥¤¥ë¤òŸ³«¤·¤Æ¡¢¥¤¥ó¥¹¥È¡¼¥ë¥¹¥¯¥ê¥×¥È¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
 # ./install.sh install

Access ManagerÍѤÎÀßÄê¥Õ¥¡¥¤¥ë¤ò¥³¥Ô¡¼¤·¤Æ¤«¤é¡¢Apache¤òºÆµ¯Æ°¤·¤Æ²¼¤µ¤¤¡£
 # cp /etc/httpd/conf.d/ssl.conf-secioss /etc/httpd/conf.d/ssl.conf 

ÀßÄê

LDAP¥µ¡¼¥Ð

LDAP¥µ¡¼¥Ð¤ËAccess ManagerÍѤÎLDAP¥¹¥­¡¼¥Þ¤òÅÐÏ¿¤·¤Þ¤¹¡£
 # cp /usr/share/doc/secioss-sso-enterprise-x.x.x/conf/secioss.schema /etc/openldap.schema

OpenLDAP¤ÎÀßÄê¥Õ¥¡¥¤¥ë/etc/openldap/slapd.conf¤Ë°Ê²¼¤ÎÀßÄê¤òÄɵ­¤·¤Æ¡¢LDAP¥µ¡¼¥Ð¤òºÆµ¯Æ°¤·¤Æ²¼¤µ¤¤¡£

include      /etc/openldap/schema/ppolicy.schema
include      /etc/openldap/schema/secioss.schema

¡¦¡¦¡¦

attributeoptions lang- phonetic

LDAP¥µ¡¼¥Ð¤Î¥Ç¥£¥ì¥¯¥È¥ê¥Ä¥ê¡¼¤Ï¡¢°Ê²¼¤Î¹½À®¤òÁÛÄꤷ¤Æ¤¤¤Þ¤¹¡£

Access Manager¤ÎÀßÄê

ÀßÄê¤Ï´ÉÍý¥Ä¡¼¥ëSecioss Administrator¤«¤é¹Ô¤¤¤Þ¤¹¡£
https://<Access Manager¤Î¥Û¥¹¥È̾>/seciossadmin/¤Ë¥¢¥¯¥»¥¹¤·¤Æ¡¢¥æ¡¼¥¶"admin"¡¢¥Ñ¥¹¥ï¡¼¥É"admin"¤È¤·¤Æ¥í¥°¥¤¥ó¤·¤Æ²¼¤µ¤¤¡£

LDAP¥µ¡¼¥Ð¤ÎÀßÄê

ºÇ½é¤ËLDAP¥µ¡¼¥Ð¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£¡ÖLDAPÀßÄê¡×¤Ë¥¢¥¯¥»¥¹¤·¤Æ¡¢³Æ¹àÌܤËÀßÄêÃͤòÆþÎϤ·¤Æ²¼¤µ¤¤¡£
Î㡧
¡¦LDAP¥µ¡¼¥Ð¤Î¼ïÎࡧ LDAP¥µ¡¼¥Ð
¡¦LDAP¥µ¡¼¥Ð¤ÎURI¡§ ldaps://localhost
¡¦LDAP¥µ¡¼¥Ð¤Î¥Ù¡¼¥¹DN¡§ dc=secioss,dc=co,dc=jp
¡¦¥æ¡¼¥¶¸¡º÷¤Î¥Ù¡¼¥¹DN¡§ ou=People
¡¦¥°¥ë¡¼¥×¸¡º÷¤Î¥Ù¡¼¥¹DN¡§ ou=Groups
¡¦LDAP¥µ¡¼¥Ð¤Î¥æ¡¼¥¶Ì¾¡§ cn=Manager,dc=secioss,dc=co,dc=jp
¡¦¥Ñ¥¹¥ï¡¼¥É¥Ï¥Ã¥·¥å·Á¼°¡§ SHA

¥æ¡¼¥¶ÅÐÏ¿

¡Ö¥æ¡¼¥¶¡×->¡Ö¿·µ¬ÅÐÏ¿¡×¤È¥¢¥¯¥»¥¹¤·¤Æ¡¢¥æ¡¼¥¶ÅÐÏ¿²èÌ̤«¤é¥æ¡¼¥¶¾ðÊó¤òÆþÎϤ·¤Æ²¼¤µ¤¤¡£
Î㡧
¡¦¥æ¡¼¥¶ID¡§ user001
¡¦¼Ò°÷Èֹ桧 1001
¡¦»á̾¡§ ÅÄÃæ °ìϺ
¡¦¥á¡¼¥ë¥¢¥É¥ì¥¹¡§ user001@secioss.co.jp

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÎÀßÄê

¡Ö¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¡×¤È¥¢¥¯¥»¥¹¤·¤Æ¡¢¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óÂоݤȤʤ륵¡¼¥Ð¤Î¥É¥á¥¤¥ó̾¤òÀßÄꤷ¤Æ²¼¤µ¤¤¡£
Î㡧
¡¦¥É¥á¥¤¥ó¡§ secioss.co.jp

SAML ID¥×¥í¥Ð¥¤¥À¤ÎÀßÄê

¡Ö¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¡×->¡ÖSAML ID¥×¥í¥Ð¥¤¥À¡×¤È¥¢¥¯¥»¥¹¤·¤Æ¡¢ÀßÄê¤òÆþÎϤ·¤Æ²¼¤µ¤¤¡£
ÈëÌ©¸°¤È¸ø³«¸°¤ÏPEM·Á¼°¤Î¤â¤Î¤òÅÐÏ¿¤·¤Æ²¼¤µ¤¤¡£
Î㡧
¡¦È¯¹Ô¼Ô¡§ idp.secioss.co.jp

Google Apps¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óÀßÄê

¡Ö¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¡×->¡ÖGoogle Apps¡×¤È¥¢¥¯¥»¥¹¤·¤Æ¡¢”Google Apps¤Î¥É¥á¥¤¥ó̾”¤òÆþÎϤ·¤Æ²¼¤µ¤¤¡£
Î㡧
¡¦Google Apps¤Î¥É¥á¥¤¥ó̾¡§ secioss.co.jp

¼¡¤Ë¡¢Google Apps¤Î¥³¥ó¥È¥í¡¼¥ë¥Ñ¥Í¥ë¤Ë¥í¥°¥¤¥ó¤·¤Æ¡¢¡Ö¹âÅ٤ʥġ¼¥ë¡×->¡Ö¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó(SSO)¤ÎÀßÄê¡×¤È¥¢¥¯¥»¥¹¤·¤Æ¡¢°Ê²¼¤Î¤è¤¦¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£
¡¦¥í¥°¥¤¥ó¥Ú¡¼¥¸¤ÎURL¡§
¡¡https://<Access Manager¤Î¥Û¥¹¥È̾>/saml/saml2/idp/SSOService.php
¡¦¥í¥°¥¢¥¦¥È¥Ú¡¼¥¸¤ÎURL¡§
  https://<Access Manager¤Î¥Û¥¹¥È̾>/saml/saml2/idp/initSLO.php?RelayState=/saml/logout.php
¡¦¥Ñ¥¹¥ï¡¼¥ÉÊѹ¹URL¡§
  https://<Access Manager¤Î¥Û¥¹¥È̾>/user/password.php
¡¦¥É¥á¥¤¥ó¸ÇÍ­¤Îȯ¹Ô¸µ¤ò»ÈÍÑ¡§ ¥Á¥§¥Ã¥¯  

Salesforce¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óÀßÄê

¡Ö¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¡×->¡ÖSalesforce¡×¤È¥¢¥¯¥»¥¹¤·¤Æ¡¢³Æ¹àÌܤËÀßÄêÃͤòÆþÎϤ·¤Æ²¼¤µ¤¤¡£
°Ê²¼¤Ï¡¢¥á¡¼¥ë¥¢¥É¥ì¥¹¤òSalesforce¤Î¥æ¡¼¥¶ID¤È¤·¤Æ»ÈÍѤ¹¤ëÎã¤Ç¤¹¡£
Î㡧
¡¦Salesforce¤Î¥í¥°¥¤¥óURL¡§ https://login.salesforce.com
¡¦¥æ¡¼¥¶ID¤Î°À­Ì¾¡§ mail

¼¡¤Ë¡ÖÀßÄê¡×->¡Ö¥»¥­¥å¥ê¥Æ¥£¥³¥ó¥È¥í¡¼¥ë¡×->¡Ö¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óÀßÄê¡×¤È¥¢¥¯¥»¥¹¤·¤Æ¡¢ÊÔ½¸¥Ü¥¿¥ó¤ò¥¯¥ê¥Ã¥¯¤·¤Æ²¼¤µ¤¤¡£³Æ¹àÌܤϰʲ¼¤Î¤è¤¦¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£
¡¦SAML¤Î¥Ð¡¼¥¸¥ç¥ó¡§ 2.0
¡¦È¯¹Ô¼Ô¡§ SAML ID¥×¥í¥Ð¥¤¥À¤ÇÀßÄꤷ¤¿È¯¹Ô¼Ô
¡¦SAML¤Î¥æ¡¼¥¶ID¼ïÊÌ¡§ ¥¢¥µ¡¼¥·¥ç¥ó¤Ë¤Ï¡¢¥æ¡¼¥¶¤ÎSalesforce¥æ¡¼¥¶Ì¾¤¬´Þ¤Þ¤ì¤Þ¤¹
¡¦SAML¤Î¥æ¡¼¥¶ID¤Î¾ì½ê¡§ ¥æ¡¼¥¶ID¤Ï¡¢Subject¥¹¥Æ¡¼¥È¥á¥ó¥È¤ÎNameIdentifierÍ×ÁǤˤ¢¤ê¤Þ¤¹

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó

Google Apps

Gmail¤Ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¹¤ë¾ì¹ç¡¢"https://mail.google.com/a/<¥É¥á¥¤¥ó̾>"¤Ë¥¢¥¯¥»¥¹¤·¤Æ²¼¤µ¤¤¡£¤¹¤ë¤È¡¢Access Manager¤Î¥í¥°¥¤¥ó²èÌ̤¬É½¼¨¤µ¤ì¤Þ¤¹¤Î¤Ç¡¢ÅÐÏ¿¤·¤¿¥æ¡¼¥¶¤Ç¥í¥°¥¤¥ó¤¹¤ë¤È¡¢¥Ñ¥¹¥ï¡¼¥ÉÊѹ¹²èÌ̤¬É½¼¨¤µ¤ì¡¢½é´ü¥Ñ¥¹¥ï¡¼¥É¤ÎÊѹ¹¤òÍ׵ᤵ¤ì¤Þ¤¹¡£
¥Ñ¥¹¥ï¡¼¥ÉÊѹ¹¸å¡¢¡ÖÌá¤ë¡×¤ò¥¯¥ê¥Ã¥¯¤·¤Æ¡¢Êѹ¹¸å¤Î¥Ñ¥¹¥ï¡¼¥É¤ÇºÆÅÙ¥í¥°¥¤¥ó¤¹¤ë¤È¡¢Gmail¤Î²èÌ̤¬É½¼¨¤µ¤ì¤Þ¤¹¡£

Salesforce

Salesforce¤Ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¹¤ë¾ì¹ç¡¢°Ê²¼¤ÎURL¤Ë¥¢¥¯¥»¥¹¤·¤Æ²¼¤µ¤¤¡£

https:<Access Manager¤Î¥Û¥¹¥È̾>/saml/saml2/idp/SSOService.php?spentityid=https://saml.salesforce.com

Access Manager¤Ë¥í¥°¥¤¥óºÑ¤ß¤Î¾ì¹ç¤Ï¡¢Salesforce¤Î¥Û¡¼¥à²èÌ̤¬É½¼¨¤µ¤ì¤Þ¤¹¡£

º£²ó¤Ï¡¢Shibboleth¤ò»ÈÍѤ·¤Æ¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2¤òSAML¤ÎSP¡ÊService Provider¡Ë¤È¤·¤Æ¡¢Shibbileth¤ÎIDP¤È¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¹Ô¤¦¼ê½ç¤Ë¤Ä¤¤¤Æ²òÀ⤷¤Þ¤¹¡£

´Ä¶­

• IDP
  OS¡§ CentOS 5
  IDP¡§ shibboleth-idp 2.1.5

• SP
  OS¡§ CentOS 5
  ¥°¥ë¡¼¥×¥¦¥§¥¢¡§ ¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2 2.5.4
  SP¡§ shibboleth 2.3.1

IDP¤Î¹½ÃÛ

Shibboleth¤ÎIDP¤Î¥¤¥ó¥¹¥È¡¼¥ë¡¢ÀßÄê¤Ë¤Ä¤¤¤Æ¤Ï°Ê²¼¤Î³Ø½Ñǧ¾Ú¥Õ¥§¥Ç¥ì¡¼¥·¥ç¥ó¤Îµ»½Ñ¥¬¥¤¥É¡¡IDP¤Î¹à¤ò»²¹Í¤Ë¤·¤Æ²¼¤µ¤¤¡£
https://upki-portal.nii.ac.jp/docs/fed/technical

SP¤Î¹½ÃÛ

¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2

º£²ó¤Ï¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2¤Î»îÍÑÈǤò»ÈÍѤ·¤Þ¤·¤¿¡£

¤Þ¤º¡¢¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2¤Î¥·¥¹¥Æ¥à´ÉÍý²èÌÌ¡Êhttps://<¥Û¥¹¥È̾>/cgi-bin/cbgrn/grn.cgi/system/index¡Ë¤Ë¥í¥°¥¤¥ó¤·¤Æ¡¢¥í¥°¥¤¥óǧ¾Ú¤ËShibbolethǧ¾Ú¤òÄɲä·¤Þ¤¹¡£
[´ðËÜ¥·¥¹¥Æ¥à¤Î´ÉÍý]->[ǧ¾Ú]->[¥í¥°¥¤¥óǧ¾Ú]->[¥í¥°¥¤¥óǧ¾Ú¤òÄɲ乤ë]

¡¦¥í¥°¥¤¥óǧ¾Ú·Á¼°¡§ ´Ä¶­ÊÑ¿ôǧ¾Ú
¡¦É½¼¨Ì¾¡§ Shibboleth¡¡ # Ǥ°Õ
¡¦´Ä¶­ÊÑ¿ô̾¡§ REMOTE_USER
¡¦¤³¤Îʸ»úÎó°Ê¹ß¤ò½ü³°¤·¤Æǧ¾Ú¡§ @

Shibboleth¤Îǧ¾Ú¤ò»ÈÍѤ¹¤ë¤è¤¦¤ËÀßÄꤷ¤Þ¤¹¡£
[´ðËÜ¥·¥¹¥Æ¥à¤Î´ÉÍý]->[ǧ¾Ú]->[¥í¥°¥¤¥óǧ¾Ú]

Äɲä·¤¿”Shibboleth”¤ò”»ÈÍѤ¹¤ë”¤ËÊѹ¹¤·¤Þ¤¹¡£

Shibboleth

Shibboleth¤ÎSP¤Î¥¤¥ó¥¹¥È¡¼¥ë¡¢ÀßÄê¤Ë¤Ä¤¤¤Æ¤Ï°Ê²¼¤Î³Ø½Ñǧ¾Ú¥Õ¥§¥Ç¥ì¡¼¥·¥ç¥ó¤Îµ»½Ñ¥¬¥¤¥É¡¡SP¤Î¹à¤ò»²¹Í¤Ë¤·¤Æ²¼¤µ¤¤¡£
https://upki-portal.nii.ac.jp/docs/fed/technical

/etc/httpd/conf.d/shib.conf¤Ë°Ê²¼¤ÎÀßÄê¤òÄɵ­¤·¤Æ¡¢httpd¤òºÆµ¯Æ°¤·¤Þ¤¹¡£

<Location /cgi-bin/cbgrn/grn.cgi/index>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  require valid-user
</Location>

°Ê¾å¤Ç¡¢¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2¤Îǧ¾Ú¤òShibboleth¤Ç¹Ô¤¦¤³¤È¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£

”https://<¥Û¥¹¥È̾>/cgi-bin/cbgrn/grn.cgi/index”¤Ë¥¢¥¯¥»¥¹¤¹¤ë¤È¡¢Shibboleth¤Î¥í¥°¥¤¥ó²èÌ̤¬É½¼¨¤µ¤ì¡¢¥í¥°¥¤¥ó¤¹¤ë¤È¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2¤Î¥Ý¡¼¥¿¥ë²èÌ̤¬É½¼¨¤µ¤ì¤Þ¤¹¡£

¢¨¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2¤Ï¡¢¥µ¥¤¥Ü¥¦¥º³ô¼°²ñ¼Ò¤ÎÅÐÏ¿¾¦É¸¤Ç¤¹¡£

¤½¤³¤Ç¡¢Åö¼Ò¤¬Äó°Æ¤·¤¿¤Î¤¬¡ÖSecioss Identity Manager Enterprise¡×¤Ç¤·¤¿¡£Secioss Identity Manager Enterprise¤òƳÆþ¤·¤¿·ë²Ì¡¢¸ÄÊ̤˴ÉÍý¤¹¤ëɬÍפ¬¤¢¤Ã¤¿LDAP¥µ¡¼¥Ð¡ÊOpen Directotry¡Ë¡¢¥á¡¼¥ë¥·¥¹¥Æ¥à¡ÊZimbra¡Ë¡¢Active Directory¤Î¥æ¡¼¥¶¾ðÊó¤òSecioss Identity Manager Enterprise¤«¤é°ì³ç´ÉÍý¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ê¡¢ºßÀÒ¤·¤Æ¤¤¤ë³ØÀ¸¤À¤±¤Ç¤Ê¤¯Â´¶ÈÀ¸¤Î¾ðÊó¤Þ¤Ç°ì¸µ´ÉÍý¤¹¤ë¤³¤È¤¬¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤·¤¿¡£¤µ¤é¤Ë¡¢¥æ¡¼¥¶¾ðÊó¤ÏCSV¥Õ¥¡¥¤¥ë¤Ç´Êñ¤ËÆþ½ÐÎϤǤ­¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤·¤¿¡£

¤Þ¤¿¡¢´ÉÍý¼Ô¤Ï¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¡¢Í­¸ú´ü¸ÂÅù¡¢ÍÍ¡¹¤Ê¥Ý¥ê¥·¡¼¤òÀßÄꤹ¤ë¤³¤È¤¬¤Ç¤­¡¢¥»¥­¥å¥ê¥Æ¥£¤ò¹â¤á¤ë¤³¤È¤¬¤Ç¤­¤Þ¤·¤¿¡£¥æ¡¼¥¶¤ÏWeb¤«¤é¼«Ê¬¤Î¥Ñ¥¹¥ï¡¼¥É¤òÊѹ¹¤¹¤ë¤³¤È¤¬²Äǽ¤È¤Ê¤ê¡¢¥Ñ¥¹¥ï¡¼¥É¤Î´ü¸ÂÀڤ줬¶áÉÕ¤¤¤¿ºÝ¤Ë¤Ï¡¢·Ù¹ð¤Î¥á¡¼¥ë¤¬¼«Æ°ÇÛ¿®¤µ¤ì¤ë¤¿¤á¡¢¥Ñ¥¹¥ï¡¼¥É´ÉÍý¤Ë´Ø¤¹¤ëºî¶È¤¬¸úΨ²½¤µ¤ì¤Þ¤·¤¿¡£

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Ë¤ÏOpenID¡¢IDÏ¢·È¤Ë¤Ï¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤ÎLISM¤ò»ÈÍѤ·¤Æ¤¤¤Þ¤¹¡£
ǧ¾Ú¥µ¡¼¥Ð¡ÊOpenID Provider¡Ë¤Ë¤Ä¤¤¤Æ¤Ï´ÉÍý¼Ô¤¬ÆÃÄê¤Î¥µ¡¼¥Ð¤òÀßÄꤹ¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¥ª¡¼¥×¥ó¥½¡¼¥¹¥×¥í¥¸¥§¥¯¥È

Secioss Identity Suite GAE Edition¤Ë¤Ä¤¤¤Æ¤Ï¡¢¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤È¤·¤ÆApache¥é¥¤¥»¥ó¥¹¤Ë¤è¤ê¸ø³«¤·¤Æ¤¤¤Þ¤¹¡£

• ¥×¥í¥¸¥§¥¯¥È¥µ¥¤¥È¡§http://sourceforge.jp/projects/secioss-auth/

• ¥á¡¼¥ê¥ó¥°¥ê¥¹¥È¡§http://lists.sourceforge.jp/mailman/listinfo/secioss-auth-users

¾¦ÍÑ¥µ¡¼¥Ó¥¹

Identity Suite Cloud SP¤Ë´Ø¤¹¤ë¥³¥ó¥µ¥ë¥Æ¥£¥ó¥°¡¢¾¦ÍÑ¥µ¥Ý¡¼¥È¥µ¡¼¥Ó¥¹¤Ë¤Ä¤¤¤Æ¤Ï¡¢¤³¤Á¤é¤Ø¤ªÌä¹ç¤»²¼¤µ¤¤¡£

¥¤¥ó¥¹¥È¡¼¥ë

http://sourceforge.jp/projects/secioss-auth/releases/¤«¤ésecioss-idsuite-gae¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤ÆŸ³«¤·¤Æ²¼¤µ¤¤¡£

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó

secioss-idsuite-gae¤Î°Ê²¼¤Î¥Õ¥¡¥¤¥ë¡¢¥Ç¥£¥ì¥¯¥È¥ê¤òƳÆþÀè¤ÎGoogle App Engine¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥×¥í¥¸¥§¥¯¥È¤Ë¥¢¥Ã¥×¥í¡¼¥É¤·¤Æ²¼¤µ¤¤¡£
consumer.py¡¢fetcher.py¡¢session.py¡¢store.py¡¢elementtree¡¢openid

IDÏ¢·È

IDÏ¢·È¤ÏLISM¤È¤Î´Ö¤Ç¹Ô¤¤¤Þ¤¹¡£
¤Þ¤º¡¢LISM¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£¥¤¥ó¥¹¥È¡¼¥ëÊýË¡¤Ï¤³¤Á¤é¤ò¤´Í÷²¼¤µ¤¤¡£
¼¡¤Ë¡¢Google App Engine SDK¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£¥¤¥ó¥¹¥È¡¼¥ëÊýË¡¤Ï¤³¤³¤Ç¤Ï³ä°¦¤·¤Þ¤¹¡£
ºÇ¸å¤Ësecioss-idsuite-gae¤Îtools/gaesync.py¤ò/opt/secioss/sbin¤Ë¥³¥Ô¡¼¤·¤Æ²¼¤µ¤¤¡£

ÀßÄê

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó

secioss-idsuite-gaeÆâ¤Îmain.py¤Î¥µ¥ó¥×¥ë¥¯¥é¥¹SampleFrontPage¤ò»²¹Í¤Ë¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Îǧ¾Ú¤òOpenID¤ËÊѹ¹¤·¤Æ²¼¤µ¤¤¡£
¤Þ¤¿¡¢¥¯¥é¥¹SampleAdminHandler¤Ï¡¢Ç§¾Ú¤¹¤ëOpenID Provider¤ÎURL¤òÀßÄꤹ¤ë¥µ¥ó¥×¥ë¥¯¥é¥¹¤Ç¡¢Google App Engine¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ç¡¼¥¿¥¹¥È¥¢¤ÎOpenIDConfig¤ËÀßÄê¤òÅÐÏ¿¤·¤Þ¤¹¡£

OpenID Provider¤ÎURL¤òOpenIDConfig¤ËÅÐÏ¿¸å¡¢Google App Engine¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¥¢¥¯¥»¥¹¤·¤Æ¡¢OpenID Provider¤Î¥í¥°¥¤¥ó²èÌ̤¬É½¼¨¤µ¤ì¤ì¤ÐÀ®¸ù¤Ç¤¹¡£

IDÏ¢·È

IDÏ¢·È¤ÎÂоݤȤʤëGoogle App Engine¤Î¥â¥Ç¥ë¥¯¥é¥¹¤¬ÄêµÁ¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤ògaesync.py¤¬Æɤ߹þ¤á¤ë¤è¤¦¤Ë¥Ñ¥¹¤¬Ä̤äƤ¤¤ë¾ì½ê¤ËÇÛÃÖ¤·¤Æ²¼¤µ¤¤¡£

¼¡¤Ë¡¢LISM¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£ÀßÄêÊýË¡¤Ë¤Ä¤¤¤Æ¤Ï¡¢¤³¤Á¤é¤ò¤´Í÷²¼¤µ¤¤¡£

¥â¥Ç¥ë¥¯¥é¥¹¤ÈLISM¤ÎÀßÄêÎã¤ò°Ê²¼¤Ë¼¨¤·¤Þ¤¹¡£

User.py

from google.appengine.ext import db

class User(db.Model):
  """User class"""
  id = db.StringProperty()
  name = db.StringProperty()

lism.conf

<config>
  ¡¦¡¦¡¦
  <data name="GAE">
    <container>
      <oc>organizationalUnit</oc>
      <rdn>ou=GAE</rdn>
    </container>
    <storage name="GAE">
      <appid>application_id</appid>
      <admin>admin@secioss.co.jp</admin>
      <passwd>secret</passwd>
      <command>/usr/local/bin/python /opt/secioss/sbin/gaesync.py</command>
      <updatelog>/opt/secioss/var/lib/ldap/update.log</updatelog>
      <object name="User">
        <container>
          <rdn>ou=People</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <rdn>uid</rdn>
        <oc>person</oc>
        <oc>inetOrgPerson</oc>
        <attr name="uid">
          <param>id</param>
        </attr>
        <attr name="cn">
          <param>name</param>
        </attr>
      </object>
    </storage>
  </data>
</config>

¤Þ¤¿¡¢cron¤ÇÄê´üŪ¤Ë°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤è¤¦¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£
 /opt/secioss/sbin/gaesync.py update /opt/secioss/var/lib/ldap/update.log

¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥æ¡¼¥¶¤òÅÐÏ¿¤¹¤ë¤Ë¤Ï¡¢LISM¤ËÂФ·¤Æ¥æ¡¼¥¶¥¨¥ó¥È¥ê¤òÄɲ䷤Ʋ¼¤µ¤¤¡£
  # ldapadd -x -H ldap://:3890  -D 'cn=Manager,dc=secioss,dc=co,dc=jp' -w secret -f user.ldif

Î㡧user.ldif

dn: uid=user01,ou=People,ou=GAE,dc=secioss,dc=co,dc=jp
objectClass: inetOrgPerson
uid: user01
cn: ÅÄÃæ¡¡°ìϺ
sn: ÅÄÃæ

LDAP¥µ¡¼¥Ð¤ÈIDÏ¢·È¤ò¹Ô¤¦¤Ë¤Ï¡¢lism.conf¤ËÊÌÅÓLDAP¥µ¡¼¥Ð¤ÈƱ´ü¤ò¹Ô¤¦ÀßÄê¤òÄɲ䷤Ʋ¼¤µ¤¤¡£

ÊÀ¼Ò¤Ç¤Ï¡¢¥í¥°¥¤¥ó»þ¤Îǧ¾Ú¤ËID¡¦¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¤Î¾¤Ë¥ª¥×¥·¥ç¥ó¤È¤·¤ÆÅý¹çWindowsǧ¾Ú¤òÁªÂò¤¹¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£

¥¢¥¯¥»¥¹À©¸æ
Shibboleth-IdP¤Ë¤Ï¥¢¥¯¥»¥¹À©¸æµ¡Ç½¤¬¤Ê¤¯¡¢ÀܳÀèSP¤¬Âбþ¤·¤Æ¤¤¤Ê¤±¤ì¤Ð¥¢¥¯¥»¥¹À©¸æ¤Ç¤­¤Þ¤»¤ó¤Ç¤·¤¿¡£ÊÀ¼Ò¤¬Ä󶡤¹¤ë¡ÖShibboleth-IdP¥¢¥¯¥»¥¹À©¸æ¥×¥é¥°¥¤¥ó¡×¤ò¹ØÆþ¤·¤Æĺ¤¯¤È¡¢¥¢¥¯¥»¥¹À©¸æ¤ËÂбþ¤·¤Æ¤Ê¤¤SP¤ËÂФ·¤Æ¤â¥¢¥¯¥»¥¹À©¸æ¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

ÆÃħ

• Shibboleth¤Ø¥í¥°¥¤¥ó¤¹¤ë¤À¤±¤Ç¡¢SAML¤ËÂбþ¤·¤¿³Æ¥·¥¹¥Æ¥à¤Ø¡¢¥í¥°¥¤¥ó¤ÎɬÍפʤ¯¥¢¥¯¥»¥¹¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

• ³Ø½Ñǧ¾Ú¥Õ¥§¥Ç¥ì¡¼¥·¥ç¥ó¡¢Google AppsÅùSAML¤ËÂбþ¤·¤¿³°Éô¤Î¥µ¡¼¥Ó¥¹¤È¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¬²Äǽ¤Ç¤¹¡£

• Åý¹çWindowsǧ¾Ú¤Ë¤è¤êWindows¥Þ¥·¥ó¤Ë¥í¥°¥¤¥ó¤¹¤ë¤À¤±¤Ç¡¢¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£

• ¥¢¥¯¥»¥¹À©¸æ¤ËÂбþ¤·¤Æ¤¤¤Ê¤¤SP¤â´Þ¤á¡¢Shibboleth-IdP¦¤ÇÁ´¤Æ¤ÎSP¤ËÂФ·¤Æ¥¢¥¯¥»¥¹À©¸æ¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£¢¨Ã¢¤·¡¢¡ÖShibboleth-IdP¥¢¥¯¥»¥¹À©¸æ¥×¥é¥°¥¤¥ó¡×¤ò¹ØÆþ¤·¤¿¾ì¹ç¤Î¤ß

¸ú²Ì

• ¥·¥¹¥Æ¥à¤Ø¥í¥°¥¤¥ó¤¹¤ë¼ê´Ö¤ò¾Ê¤¯¤³¤È¤Ç¡¢¥æ¡¼¥¶¤ÎÀ¸»ºÀ­¤¬¸þ¾å¤·¤Þ¤¹¡£

• ¥æ¡¼¥¶¤Ï¥Ñ¥¹¥ï¡¼¥É¤ò£±¤Ä´ÉÍý¤¹¤ì¤Ð¤è¤¯¡¢¥Ñ¥¹¥ï¡¼¥É˺¤ì¤Ë¤è¤ë¥Ñ¥¹¥ï¡¼¥É¤ÎºÆȯ¹Ô¤òºï¸º¤Ç¤­¤Þ¤¹¡£

• ǧ¾Ú¤ò°ì¸µÅª¤Ë´ÉÍý¤·¡¢³Æ¥·¥¹¥Æ¥à¤ËÅý°ìŪ¤Ê¥»¥­¥å¥ê¥Æ¥£¥Ý¥ê¥·¡¼¤òŬÍѤǤ­¤Þ¤¹¡£

ËÜ¥µ¡¼¥Ó¥¹¤Ë´Ø¤¹¤ë¤ªÌä¹ç¤»¤Ï¤³¤Á¤é¤«¤é¤ª´ê¤¤¤·¤Þ¤¹¡£

¥µ¡¼¥Ó¥¹

¥·¥¹¥Æ¥àÀß·×

Shibboleth¤òƳÆþ¤¹¤ë¥·¥¹¥Æ¥à¤ËÂФ·¤Æ¡¢¥·¥¹¥Æ¥à¹½À®¤ä¡¢±¿ÍÑ´ÉÍýÊý¼°¤ÎÀ߷פò¹Ô¤¤¤Þ¤¹¡£

¥·¥¹¥Æ¥àƳÆþ

Shibboleth¤Î¥¤¥ó¥¹¥È¡¼¥ë¤ÈÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£

Web¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎSAMLÂбþ

Shibboleth¤È¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò²Äǽ¤Ë¤¹¤ë¤¿¤á¡¢Web¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎSAMLÂбþ¤ò¹Ô¤¤¤Þ¤¹¡£

¥µ¥Ý¡¼¥È¡¦¥µ¡¼¥Ó¥¹

ǯ´Ö¥µ¥Ý¡¼¥È¡¦¥µ¡¼¥Ó¥¹¤È¤·¤Æ¡¢°Ê²¼¤Î¥µ¡¼¥Ó¥¹¤òÄ󶡤¤¤¿¤·¤Þ¤¹¡£

• ¥½¥Õ¥È¥¦¥§¥¢¤ÎÀßÄê¤ä±¿ÍѤ˴ؤ¹¤ë¥á¡¼¥ë¤Ç¤ÎÌ䤤¹ç¤ï¤»Âбþ

• ¥ª¥Õ¥µ¥¤¥È¤Ç¤Î¾ã³²Âбþ

• ²óÈòºö¤Î¤Ê¤¤ÉÔ¶ñ¹ç¤ËÂФ¹¤ë¥Ñ¥Ã¥ÁºîÀ®

¡¦Secioss Identity Manager Enterprise Edition¡§¡¡¤ªµÒÍÍ´ë¶È¤ÎID¤òÅý¹ç´ÉÍý¤¹¤ë¥½¥ê¥å¡¼¥·¥ç¥ó¤Ç¤¹¡£
¡¦Secioss Access Manager Enterprise Edition¡§¡¡¤ªµÒÍÍ´ë¶È¤ÇÍøÍѤ¹¤ë¥µ¡¼¥Ó¥¹¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¹Ô¤¦¥½¥ê¥å¡¼¥·¥ç¥ó¤Ç¤¹¡£
¡¦Secioss Identity/Access Manager SaaS Edition¡§¡¡¤ªµÒÍͤΥ¨¥ó¥É¥æ¡¼¥¶¤ËÂФ·¤ÆSaaS·¿¤ÇÅý¹çID´ÉÍý¡¦¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¥µ¡¼¥Ó¥¹¤òÄ󶡲Äǽ¤È¤¹¤ë¥½¥ê¥å¡¼¥·¥ç¥ó¤Ç¤¹¡£

¥·¥¹¥Æ¥à¹½À®

´ë¶ÈƳÆþ¤Î¾ì¹ç

SaaS·¿¤Î¾ì¹ç

Secioss Identity Manager

µ¡Ç½

• ¥æ¡¼¥¶´ÉÍý
  Google Apps¡¢Salesforce¤ä¥ª¥ó¥×¥ì¥ß¥¹¡¢¥×¥é¥¤¥Ù¡¼¥È¥¯¥é¥¦¥ÉÆâ¤Î¥·¥¹¥Æ¥à¤ÎID¤òÅý¹ç´ÉÍý¤¹¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£
  ¤Þ¤¿¡¢¥·¥¹¥Æ¥àËè¤ËÏ¢·È¤¹¤ë¥æ¡¼¥¶¤ò»ØÄꤹ¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£

• ¥°¥ë¡¼¥×´ÉÍý
  ¥æ¡¼¥¶¤Î¥°¥ë¡¼¥×¤ò´ÉÍý¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£Google Apps¤Î¥á¡¼¥ê¥ó¥°¥ê¥¹¥È¤Î¥á¥ó¥Ð¤Î°ì³çÅÐÏ¿Åù¤â²Äǽ¤Ç¤¹¡£

• ¥Ñ¥¹¥ï¡¼¥É¥Ý¥ê¥·¡¼ 
  ¥Ñ¥¹¥ï¡¼¥É¤Î¥Ý¥ê¥·¡¼´ÉÍý¤¬²Äǽ¤Ç¤¹¡£Í­¸ú´ü¸Â¤ä¥Ñ¥¹¥ï¡¼¥É¤Î»ÈÍÑʸ»ú¤Ê¤É¤Î»ØÄ꤬²Äǽ¤Ç¤¹¡£

• IDƱ´ü¤ÎÊÂÎó½èÍý
  Ʊ´ü½èÍý¤òÊÂÎó¤Ë¥Ð¥Ã¥¯¥°¥é¥¦¥ó¥É¤Ç¼Â¹Ô¤¹¤ë¤¿¤á¡¢Ï¢·È¤¹¤ë¥µ¡¼¥Ó¥¹¤¬Áý²Ã¤·¤¿¾ì¹ç¤â¡¢IDÁàºî¤Î¥ì¥¹¥Ý¥ó¥¹»þ´Ö¤ÏÁý²Ã¤·¤Þ¤»¤ó¡£ 

• ¥í¥°¸¡º÷
  ¥æ¡¼¥¶¡¢¥°¥ë¡¼¥×¤Î¹¹¿·¤Ë´Ø¤¹¤ë¥í¥°¤òWeb¤«¤é¸¡º÷¡¢É½¼¨¤¹¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£

• ¥Þ¥ë¥Á¥Æ¥Ê¥ó¥È
  ¥Þ¥ë¥Á¥Æ¥Ê¥ó¥È¤ËÂбþ¤·¤Æ¤ª¤ê¡¢¥Æ¥Ê¥ó¥Èñ°Ì¤Ç¤ÎID´ÉÍý¤¬²Äǽ¤È¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
  SaaS Edition¤Ç¤Ï¡¢¥Æ¥Ê¥ó¥Èñ°Ì¤ÇÏ¢·È¤¹¤ë¥µ¡¼¥Ó¥¹¤òÀßÄꤹ¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

Secioss Access Manager

µ¡Ç½

• ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó
  Google Apps¡¢Salesforce¤ä¥ª¥ó¥×¥ì¥ß¥¹¡¢ ¥×¥é¥¤¥Ù¡¼¥È¥¯¥é¥¦¥ÉÆâ¤Î¥·¥¹¥Æ¥à¤È¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¬²Äǽ¤Ç¤¹¡£
  ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óÊý¼°¤È¤·¤Æ¡¢SAML¡¢OpenID¡¢¥ê¥Ð¡¼¥¹¥×¥í¥­¥·Êý¼°¡¢¥¨¡¼¥¸¥§¥ó¥ÈÊý¼°¤ËÂбþ¤·¤Æ¤¤¤Þ¤¹¡£

• ǧ¾Ú
  ID/¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¡¢Åý¹çWindowsǧ¾Ú¡¢¥¯¥é¥¤¥¢¥ó¥È¾ÚÌÀ½ñǧ¾Ú¡¢¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¡¢·ÈÂÓÅÅÏÃüËöǧ¾Ú¡¢SAMLǧ¾Ú¤ËÂбþ¤·¤Æ¤¤¤Þ¤¹¡£
  ¥¯¥é¥¤¥¢¥ó¥È¤Î¥¢¥¯¥»¥¹¸µ¥Í¥Ã¥È¥ï¡¼¥¯¤ä»þ´ÖÂӤˤè¤Ã¤Æ¡¢Ç§¾Ú¥ë¡¼¥ë¡ÊÊ£¿ô¤Îǧ¾ÚÊý¼°¤òÁȤ߹ç¤ï¤»¤¿¤ê¡¢½çÈÖ¤ò»ØÄꤹ¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡Ë¤òÀßÄꤹ¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£

• ¥¢¥«¥¦¥ó¥È¤Î¥í¥Ã¥¯¥¢¥¦¥È
  »ØÄꤷ¤¿»þ´ÖÆâ¤Ë»ØÄꤷ¤¿²ó¿ôǧ¾Ú¤Ë¼ºÇÔ¤·¤¿¾ì¹ç¡¢¥¢¥«¥¦¥ó¥È¤ò¥í¥Ã¥¯¥¢¥¦¥È¤·¤Þ¤¹¡£

• ¥¢¥¯¥»¥¹À©¸æ
  ¥æ¡¼¥¶¡¢¥°¥ë¡¼¥×¡¢¥¯¥é¥¤¥¢¥ó¥È¤Î¥¢¥¯¥»¥¹¸µ¥Í¥Ã¥È¥ï¡¼¥¯¤Ï¤â¤Á¤í¤ó¡¢»þ´ÖÂÓ¤äǧ¾ÚÊý¼°¤Ç¤Î¥µ¡¼¥Ó¥¹¤ËÂФ¹¤ë¥¢¥¯¥»¥¹À©¸æ¤¬²Äǽ¤Ç¤¹¡£ 
  ǧ¾ÚÊý¼°¤Ë¤è¤ë¥¢¥¯¥»¥¹À©¸æ¤Ç¤Ï¡¢»ØÄê¤Îǧ¾ÚÊý¼°¤Ë¤è¤ë¥í¥°¥¤¥ó¤¬¹Ô¤ï¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¡¢¥µ¡¼¥Ó¥¹¤Ë¥¢¥¯¥»¥¹¤·¤¿¥¿¥¤¥ß¥ó¥°¤Ç»ØÄê¤Îǧ¾Ú¤¬Í׵ᤵ¤ì¤Þ¤¹¡£

• ¥í¥°¸¡º÷
  ǧ¾Ú¤Ë´Ø¤¹¤ë¥í¥°¤òWeb¤«¤é¸¡º÷¡¢É½¼¨¤¹¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£

• ÂåÍýǧ¾Ú
  SAML̤Âбþ¤ÎSaaS¤äASPÅù¡¢¥µ¡¼¥Ó¥¹Â¦¤Ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¹Ô¤¦¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤¬¤Ê¤¤¾ì¹ç¡¢ÂåÍýǧ¾Ú¤Ë¤è¤ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¹Ô¤¦¤³¤È¤¬²Äǽ¤Ç¤¹¡£
  SaaS Edition¤Î¤ß¤Îµ¡Ç½¤Ç¤¹¡£

• ¥Þ¥ë¥Á¥Æ¥Ê¥ó¥È
  ¥Æ¥Ê¥ó¥Èñ°Ì¤Ç¡¢Ç§¾Ú¥ë¡¼¥ë¡¢¥¢¥¯¥»¥¹À©¸æ¤ÎÀßÄ꤬²Äǽ¤Ç¤¹¡£
  SaaS Edition¤Ç¤Ï¡¢¥Æ¥Ê¥ó¥Èñ°Ì¤Ç»ÈÍѲÄǽ¤Êǧ¾ÚÊý¼°¤äÏ¢·È¤¹¤ë¥µ¡¼¥Ó¥¹¤òÀßÄꤹ¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£

ÂбþOS

• Red Hat Enterprise Linux 5

• CentOS 5

Âбþ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó

¼¡¤ÎWeb¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤È¤ÎÏ¢·È¤¬²Äǽ¤Ç¤¹¡£
¤½¤Î¾¤ÎWeb¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¤Ä¤¤¤Æ¤âÂбþ²Äǽ¤Ç¤¹¤Î¤Ç¡¢¤´ÁêÃ̲¼¤µ¤¤¡£

Secioss Identity Manager Enterprise Edition

• ¥°¥ë¡¼¥×¥¦¥§¥¢
  ¡¡¡¦Aipo

• ¶ÐÂÕ´ÉÍý
  ¡¡¡¦MosP

• ÈÎÇä´ÉÍý
  ¡¡¡¦SalesCube

• Saas¥µ¡¼¥Ó¥¹
  ¡¡¡¦Salesforce
  ¡¡¡¦Google Apps

• ¥á¡¼¥ë¥·¥¹¥Æ¥à
  ¡¡¡¦Zimbra

• ¥á¡¼¥ë¥¢¡¼¥«¥¤¥Ö
  ¡¡¡¦MailArchiva

• ¥Ý¡¼¥¿¥ë
  ¡¡¡¦NetCommons
  ¡¡¡¦Liferay
  ¡¡¡¦XOOPS Cube

• ECM¡Ê´ë¶È¸þ¤±¥³¥ó¥Æ¥ó¥Ä´ÉÍý¥·¥¹¥Æ¥à¡Ë
  ¡¡¡¦Alfresco

• ʸ½ñ´ÉÍý
  ¡¡¡¦KnowledgeTree

• ¥Ö¥í¥°
  ¡¡¡¦MovableType

• CRM
  ¡¡¡¦SugarCRM

Secioss Access Manager Eterprise Edition

• ¾ÚÌÀ½ñǧ¾Ú
  ¡¡¡¦Gleas¡ÊJCCH¡¦¥»¥­¥å¥ê¥Æ¥£¡¦¥½¥ê¥å¡¼¥·¥ç¥ó¡¦¥·¥¹¥Æ¥à¥º¡Ë

• ¥°¥ë¡¼¥×¥¦¥§¥¢
  ¡¡¡¦Aipo
  ¡¡¡¦¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó£²

• ¶ÐÂÕ´ÉÍý
  ¡¡¡¦MosP

• ÈÎÇä´ÉÍý
  ¡¡¡¦SalesCube

• SaaS¥µ¡¼¥Ó¥¹
  ¡¡¡¦Salesforce
  ¡¡¡¦Google Apps

• ¥á¡¼¥ë¥¢¡¼¥«¥¤¥Ö
  ¡¡¡¦MailArchiva

• ¥Ý¡¼¥¿¥ë
  ¡¡¡¦NetCommons ¡¡¡¦XOOPS Cube

• ʸ½ñ´ÉÍý
  ¡¡¡¦KnowledgeTree

• ¥Ö¥í¥°
  ¡¡¡¦MovableType

• CRM
  ¡¡¡¦SugarCRM

• ¥¢¥ó¥±¡¼¥È¥·¥¹¥Æ¥à
  ¡¡¡¦LimeSurvey

²Á³Ê

¥½¥Õ¥È¥¦¥§¥¢

¥é¥¤¥»¥ó¥¹²Á³Ê¤Î¾ÜºÙ¤Ë¤Ä¤¤¤Æ¤Ï¡¢¤³¤Á¤é¤Ë¤ªÌä¹ç¤»²¼¤µ¤¤¡£

¥µ¥Ý¡¼¥È

ǯ´Ö¤Î¥µ¥Ý¡¼¥ÈÎÁ¤Ï¡¢¥é¥¤¥»¥ó¥¹²Á³Ê¤Ë´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£ 

¥µ¥Ý¡¼¥È¡¦¥µ¡¼¥Ó¥¹¤ÎÆâÍƤϰʲ¼¤Ë¤Ê¤ê¤Þ¤¹¡£

• À½ÉʤΥ¤¥ó¥¹¥È¡¼¥ëÊýË¡¡¢ÀßÄêÊýË¡¡¢µ¡Ç½¤Ë´Ø¤¹¤ë¥á¡¼¥ë¤Ë¤è¤ë¥Þ¥Ë¥å¥¢¥ë¥ì¥Ù¥ë¤ÎÌ䤤¹ç¤ï¤»Âбþ

• ¥á¡¼¥ë¤Ç¤Î¥ª¥Õ¥µ¥¤¥È¾ã³²Ä´ºº 

• À½ÉʤΥޥ¤¥Ê¡¼¥Ð¡¼¥¸¥ç¥ó¥¢¥Ã¥×ÈǤÎÄó¶¡

Ìä¹ç¤»

ËÜÀ½Éʤ˴ؤ¹¤ë¤ªÌä¹ç¤»¤Ï¤³¤Á¤é¤«¤é¤ª´ê¤¤¤·¤Þ¤¹¡£

• Secioss Access Manager Community Edition
  SAML¤äShibboleth¡¢OpenID¡¢¥ê¥Ð¡¼¥¹¥×¥í¥­¥·Êý¼°¡¢¥¨¡¼¥¸¥§¥ó¥ÈÊý¼°Åù¡¢ÍÍ¡¹¤Ê¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óÊý¼°¤ËÂбþ¤·¤¿¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¥½¥ê¥å¡¼¥·¥ç¥ó¤Ç¤¹¡£
   

• Secioss OTP
  ·ÈÂÓÅÅÏäò»ÈÍѤ·¤¿¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤Î¥½¥Õ¥È¥¦¥§¥¢¥È¡¼¥¯¥ó¤Ç¤¹¡£
   

• Secioss Identity Suite Cloud Edition
  Web¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËSAMLǧ¾Ú¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óµ¡Ç½¤ÈIDƱ´üÍÑWeb API¤òÉղ乤륽¥Õ¥È¥¦¥§¥¢¤Ç¤¹¡£

• Secioss Identity Suite GAE Edition
  Goolge App Engine¾å¤ÇÆ°ºî¤¹¤ë¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÈIDÏ¢·ÈÍѤΥ¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤òÄ󶡤¹¤ë¥½¥Õ¥È¥¦¥§¥¢¤Ç¤¹¡£