º£²ó¤Ï¡¢Shibboleth¤ò»ÈÍѤ·¤Æ¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2¤òSAML¤ÎSP¡ÊService Provider¡Ë¤È¤·¤Æ¡¢Shibbileth¤ÎIDP¤È¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¹Ô¤¦¼ê½ç¤Ë¤Ä¤¤¤Æ²òÀ⤷¤Þ¤¹¡£

´Ä¶­

• IDP
  OS¡§ CentOS 5
  IDP¡§ shibboleth-idp 2.1.5

• SP
  OS¡§ CentOS 5
  ¥°¥ë¡¼¥×¥¦¥§¥¢¡§ ¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2 2.5.4
  SP¡§ shibboleth 2.3.1

IDP¤Î¹½ÃÛ

Shibboleth¤ÎIDP¤Î¥¤¥ó¥¹¥È¡¼¥ë¡¢ÀßÄê¤Ë¤Ä¤¤¤Æ¤Ï°Ê²¼¤Î³Ø½Ñǧ¾Ú¥Õ¥§¥Ç¥ì¡¼¥·¥ç¥ó¤Îµ»½Ñ¥¬¥¤¥É¡¡IDP¤Î¹à¤ò»²¹Í¤Ë¤·¤Æ²¼¤µ¤¤¡£
https://upki-portal.nii.ac.jp/docs/fed/technical

SP¤Î¹½ÃÛ

¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2

º£²ó¤Ï¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2¤Î»îÍÑÈǤò»ÈÍѤ·¤Þ¤·¤¿¡£

¤Þ¤º¡¢¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2¤Î¥·¥¹¥Æ¥à´ÉÍý²èÌÌ¡Êhttps://<¥Û¥¹¥È̾>/cgi-bin/cbgrn/grn.cgi/system/index¡Ë¤Ë¥í¥°¥¤¥ó¤·¤Æ¡¢¥í¥°¥¤¥óǧ¾Ú¤ËShibbolethǧ¾Ú¤òÄɲä·¤Þ¤¹¡£
[´ðËÜ¥·¥¹¥Æ¥à¤Î´ÉÍý]->[ǧ¾Ú]->[¥í¥°¥¤¥óǧ¾Ú]->[¥í¥°¥¤¥óǧ¾Ú¤òÄɲ乤ë]

¡¦¥í¥°¥¤¥óǧ¾Ú·Á¼°¡§ ´Ä¶­ÊÑ¿ôǧ¾Ú
¡¦É½¼¨Ì¾¡§ Shibboleth¡¡ # Ǥ°Õ
¡¦´Ä¶­ÊÑ¿ô̾¡§ REMOTE_USER
¡¦¤³¤Îʸ»úÎó°Ê¹ß¤ò½ü³°¤·¤Æǧ¾Ú¡§ @

Shibboleth¤Îǧ¾Ú¤ò»ÈÍѤ¹¤ë¤è¤¦¤ËÀßÄꤷ¤Þ¤¹¡£
[´ðËÜ¥·¥¹¥Æ¥à¤Î´ÉÍý]->[ǧ¾Ú]->[¥í¥°¥¤¥óǧ¾Ú]

Äɲä·¤¿”Shibboleth”¤ò”»ÈÍѤ¹¤ë”¤ËÊѹ¹¤·¤Þ¤¹¡£

Shibboleth

Shibboleth¤ÎSP¤Î¥¤¥ó¥¹¥È¡¼¥ë¡¢ÀßÄê¤Ë¤Ä¤¤¤Æ¤Ï°Ê²¼¤Î³Ø½Ñǧ¾Ú¥Õ¥§¥Ç¥ì¡¼¥·¥ç¥ó¤Îµ»½Ñ¥¬¥¤¥É¡¡SP¤Î¹à¤ò»²¹Í¤Ë¤·¤Æ²¼¤µ¤¤¡£
https://upki-portal.nii.ac.jp/docs/fed/technical

/etc/httpd/conf.d/shib.conf¤Ë°Ê²¼¤ÎÀßÄê¤òÄɵ­¤·¤Æ¡¢httpd¤òºÆµ¯Æ°¤·¤Þ¤¹¡£

<Location /cgi-bin/cbgrn/grn.cgi/index>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  require valid-user
</Location>

°Ê¾å¤Ç¡¢¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2¤Îǧ¾Ú¤òShibboleth¤Ç¹Ô¤¦¤³¤È¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£

”https://<¥Û¥¹¥È̾>/cgi-bin/cbgrn/grn.cgi/index”¤Ë¥¢¥¯¥»¥¹¤¹¤ë¤È¡¢Shibboleth¤Î¥í¥°¥¤¥ó²èÌ̤¬É½¼¨¤µ¤ì¡¢¥í¥°¥¤¥ó¤¹¤ë¤È¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2¤Î¥Ý¡¼¥¿¥ë²èÌ̤¬É½¼¨¤µ¤ì¤Þ¤¹¡£

¢¨¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó2¤Ï¡¢¥µ¥¤¥Ü¥¦¥º³ô¼°²ñ¼Ò¤ÎÅÐÏ¿¾¦É¸¤Ç¤¹¡£

¤½¤³¤Ç¡¢Åö¼Ò¤¬Äó°Æ¤·¤¿¤Î¤¬¡ÖSecioss Identity Manager Enterprise¡×¤Ç¤·¤¿¡£Secioss Identity Manager Enterprise¤òƳÆþ¤·¤¿·ë²Ì¡¢¸ÄÊ̤˴ÉÍý¤¹¤ëɬÍפ¬¤¢¤Ã¤¿LDAP¥µ¡¼¥Ð¡ÊOpen Directotry¡Ë¡¢¥á¡¼¥ë¥·¥¹¥Æ¥à¡ÊZimbra¡Ë¡¢Active Directory¤Î¥æ¡¼¥¶¾ðÊó¤òSecioss Identity Manager Enterprise¤«¤é°ì³ç´ÉÍý¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ê¡¢ºßÀÒ¤·¤Æ¤¤¤ë³ØÀ¸¤À¤±¤Ç¤Ê¤¯Â´¶ÈÀ¸¤Î¾ðÊó¤Þ¤Ç°ì¸µ´ÉÍý¤¹¤ë¤³¤È¤¬¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤·¤¿¡£¤µ¤é¤Ë¡¢¥æ¡¼¥¶¾ðÊó¤ÏCSV¥Õ¥¡¥¤¥ë¤Ç´Êñ¤ËÆþ½ÐÎϤǤ­¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤·¤¿¡£

¤Þ¤¿¡¢´ÉÍý¼Ô¤Ï¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¡¢Í­¸ú´ü¸ÂÅù¡¢ÍÍ¡¹¤Ê¥Ý¥ê¥·¡¼¤òÀßÄꤹ¤ë¤³¤È¤¬¤Ç¤­¡¢¥»¥­¥å¥ê¥Æ¥£¤ò¹â¤á¤ë¤³¤È¤¬¤Ç¤­¤Þ¤·¤¿¡£¥æ¡¼¥¶¤ÏWeb¤«¤é¼«Ê¬¤Î¥Ñ¥¹¥ï¡¼¥É¤òÊѹ¹¤¹¤ë¤³¤È¤¬²Äǽ¤È¤Ê¤ê¡¢¥Ñ¥¹¥ï¡¼¥É¤Î´ü¸ÂÀڤ줬¶áÉÕ¤¤¤¿ºÝ¤Ë¤Ï¡¢·Ù¹ð¤Î¥á¡¼¥ë¤¬¼«Æ°ÇÛ¿®¤µ¤ì¤ë¤¿¤á¡¢¥Ñ¥¹¥ï¡¼¥É´ÉÍý¤Ë´Ø¤¹¤ëºî¶È¤¬¸úΨ²½¤µ¤ì¤Þ¤·¤¿¡£

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Ë¤ÏOpenID¡¢IDÏ¢·È¤Ë¤Ï¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤ÎLISM¤ò»ÈÍѤ·¤Æ¤¤¤Þ¤¹¡£
ǧ¾Ú¥µ¡¼¥Ð¡ÊOpenID Provider¡Ë¤Ë¤Ä¤¤¤Æ¤Ï´ÉÍý¼Ô¤¬ÆÃÄê¤Î¥µ¡¼¥Ð¤òÀßÄꤹ¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¥ª¡¼¥×¥ó¥½¡¼¥¹¥×¥í¥¸¥§¥¯¥È

Secioss Identity Suite GAE Edition¤Ë¤Ä¤¤¤Æ¤Ï¡¢¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤È¤·¤ÆApache¥é¥¤¥»¥ó¥¹¤Ë¤è¤ê¸ø³«¤·¤Æ¤¤¤Þ¤¹¡£

• ¥×¥í¥¸¥§¥¯¥È¥µ¥¤¥È¡§http://sourceforge.jp/projects/secioss-auth/

• ¥á¡¼¥ê¥ó¥°¥ê¥¹¥È¡§http://lists.sourceforge.jp/mailman/listinfo/secioss-auth-users

¾¦ÍÑ¥µ¡¼¥Ó¥¹

Identity Suite Cloud SP¤Ë´Ø¤¹¤ë¥³¥ó¥µ¥ë¥Æ¥£¥ó¥°¡¢¾¦ÍÑ¥µ¥Ý¡¼¥È¥µ¡¼¥Ó¥¹¤Ë¤Ä¤¤¤Æ¤Ï¡¢¤³¤Á¤é¤Ø¤ªÌä¹ç¤»²¼¤µ¤¤¡£

¥¤¥ó¥¹¥È¡¼¥ë

http://sourceforge.jp/projects/secioss-auth/releases/¤«¤ésecioss-idsuite-gae¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤ÆŸ³«¤·¤Æ²¼¤µ¤¤¡£

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó

secioss-idsuite-gae¤Î°Ê²¼¤Î¥Õ¥¡¥¤¥ë¡¢¥Ç¥£¥ì¥¯¥È¥ê¤òƳÆþÀè¤ÎGoogle App Engine¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥×¥í¥¸¥§¥¯¥È¤Ë¥¢¥Ã¥×¥í¡¼¥É¤·¤Æ²¼¤µ¤¤¡£
consumer.py¡¢fetcher.py¡¢session.py¡¢store.py¡¢elementtree¡¢openid

IDÏ¢·È

IDÏ¢·È¤ÏLISM¤È¤Î´Ö¤Ç¹Ô¤¤¤Þ¤¹¡£
¤Þ¤º¡¢LISM¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£¥¤¥ó¥¹¥È¡¼¥ëÊýË¡¤Ï¤³¤Á¤é¤ò¤´Í÷²¼¤µ¤¤¡£
¼¡¤Ë¡¢Google App Engine SDK¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£¥¤¥ó¥¹¥È¡¼¥ëÊýË¡¤Ï¤³¤³¤Ç¤Ï³ä°¦¤·¤Þ¤¹¡£
ºÇ¸å¤Ësecioss-idsuite-gae¤Îtools/gaesync.py¤ò/opt/secioss/sbin¤Ë¥³¥Ô¡¼¤·¤Æ²¼¤µ¤¤¡£

ÀßÄê

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó

secioss-idsuite-gaeÆâ¤Îmain.py¤Î¥µ¥ó¥×¥ë¥¯¥é¥¹SampleFrontPage¤ò»²¹Í¤Ë¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Îǧ¾Ú¤òOpenID¤ËÊѹ¹¤·¤Æ²¼¤µ¤¤¡£
¤Þ¤¿¡¢¥¯¥é¥¹SampleAdminHandler¤Ï¡¢Ç§¾Ú¤¹¤ëOpenID Provider¤ÎURL¤òÀßÄꤹ¤ë¥µ¥ó¥×¥ë¥¯¥é¥¹¤Ç¡¢Google App Engine¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ç¡¼¥¿¥¹¥È¥¢¤ÎOpenIDConfig¤ËÀßÄê¤òÅÐÏ¿¤·¤Þ¤¹¡£

OpenID Provider¤ÎURL¤òOpenIDConfig¤ËÅÐÏ¿¸å¡¢Google App Engine¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¥¢¥¯¥»¥¹¤·¤Æ¡¢OpenID Provider¤Î¥í¥°¥¤¥ó²èÌ̤¬É½¼¨¤µ¤ì¤ì¤ÐÀ®¸ù¤Ç¤¹¡£

IDÏ¢·È

IDÏ¢·È¤ÎÂоݤȤʤëGoogle App Engine¤Î¥â¥Ç¥ë¥¯¥é¥¹¤¬ÄêµÁ¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤ògaesync.py¤¬Æɤ߹þ¤á¤ë¤è¤¦¤Ë¥Ñ¥¹¤¬Ä̤äƤ¤¤ë¾ì½ê¤ËÇÛÃÖ¤·¤Æ²¼¤µ¤¤¡£

¼¡¤Ë¡¢LISM¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£ÀßÄêÊýË¡¤Ë¤Ä¤¤¤Æ¤Ï¡¢¤³¤Á¤é¤ò¤´Í÷²¼¤µ¤¤¡£

¥â¥Ç¥ë¥¯¥é¥¹¤ÈLISM¤ÎÀßÄêÎã¤ò°Ê²¼¤Ë¼¨¤·¤Þ¤¹¡£

User.py

from google.appengine.ext import db

class User(db.Model):
  """User class"""
  id = db.StringProperty()
  name = db.StringProperty()

lism.conf

<config>
  ¡¦¡¦¡¦
  <data name="GAE">
    <container>
      <oc>organizationalUnit</oc>
      <rdn>ou=GAE</rdn>
    </container>
    <storage name="GAE">
      <appid>application_id</appid>
      <admin>admin@secioss.co.jp</admin>
      <passwd>secret</passwd>
      <command>/usr/local/bin/python /opt/secioss/sbin/gaesync.py</command>
      <updatelog>/opt/secioss/var/lib/ldap/update.log</updatelog>
      <object name="User">
        <container>
          <rdn>ou=People</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <rdn>uid</rdn>
        <oc>person</oc>
        <oc>inetOrgPerson</oc>
        <attr name="uid">
          <param>id</param>
        </attr>
        <attr name="cn">
          <param>name</param>
        </attr>
      </object>
    </storage>
  </data>
</config>

¤Þ¤¿¡¢cron¤ÇÄê´üŪ¤Ë°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤è¤¦¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£
 /opt/secioss/sbin/gaesync.py update /opt/secioss/var/lib/ldap/update.log

¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥æ¡¼¥¶¤òÅÐÏ¿¤¹¤ë¤Ë¤Ï¡¢LISM¤ËÂФ·¤Æ¥æ¡¼¥¶¥¨¥ó¥È¥ê¤òÄɲ䷤Ʋ¼¤µ¤¤¡£
  # ldapadd -x -H ldap://:3890  -D 'cn=Manager,dc=secioss,dc=co,dc=jp' -w secret -f user.ldif

Î㡧user.ldif

dn: uid=user01,ou=People,ou=GAE,dc=secioss,dc=co,dc=jp
objectClass: inetOrgPerson
uid: user01
cn: ÅÄÃæ¡¡°ìϺ
sn: ÅÄÃæ

LDAP¥µ¡¼¥Ð¤ÈIDÏ¢·È¤ò¹Ô¤¦¤Ë¤Ï¡¢lism.conf¤ËÊÌÅÓLDAP¥µ¡¼¥Ð¤ÈƱ´ü¤ò¹Ô¤¦ÀßÄê¤òÄɲ䷤Ʋ¼¤µ¤¤¡£

¤Þ¤¿¡¢ÊÀ¼Ò¤Ç¤Ï¥í¥°¥¤¥ó»þ¤Îǧ¾Ú¤ËID¡¦¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¤Î¾¤Ë¥ª¥×¥·¥ç¥ó¤È¤·¤ÆÅý¹çWindowsǧ¾Ú¤òÁªÂò¤¹¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£

ÆÃħ

• Shibboleth¤Ø¥í¥°¥¤¥ó¤¹¤ë¤À¤±¤Ç¡¢SAML¤ËÂбþ¤·¤¿³Æ¥·¥¹¥Æ¥à¤Ø¡¢¥í¥°¥¤¥ó¤ÎɬÍפʤ¯¥¢¥¯¥»¥¹¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

• ³Ø½Ñǧ¾Ú¥Õ¥§¥Ç¥ì¡¼¥·¥ç¥ó¡¢Google AppsÅùSAML¤ËÂбþ¤·¤¿³°Éô¤Î¥µ¡¼¥Ó¥¹¤È¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¬²Äǽ¤Ç¤¹¡£

• Åý¹çWindowsǧ¾Ú¤Ë¤è¤êWindows¥Þ¥·¥ó¤Ë¥í¥°¥¤¥ó¤¹¤ë¤À¤±¤Ç¡¢¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£

¸ú²Ì

• ¥·¥¹¥Æ¥à¤Ø¥í¥°¥¤¥ó¤¹¤ë¼ê´Ö¤ò¾Ê¤¯¤³¤È¤Ç¡¢¥æ¡¼¥¶¤ÎÀ¸»ºÀ­¤¬¸þ¾å¤·¤Þ¤¹¡£

• ¥æ¡¼¥¶¤Ï¥Ñ¥¹¥ï¡¼¥É¤ò£±¤Ä´ÉÍý¤¹¤ì¤Ð¤è¤¯¡¢¥Ñ¥¹¥ï¡¼¥É˺¤ì¤Ë¤è¤ë¥Ñ¥¹¥ï¡¼¥É¤ÎºÆȯ¹Ô¤òºï¸º¤Ç¤­¤Þ¤¹¡£

• ǧ¾Ú¤ò°ì¸µÅª¤Ë´ÉÍý¤·¡¢³Æ¥·¥¹¥Æ¥à¤ËÅý°ìŪ¤Ê¥»¥­¥å¥ê¥Æ¥£¥Ý¥ê¥·¡¼¤òŬÍѤǤ­¤Þ¤¹¡£

ËÜ¥µ¡¼¥Ó¥¹¤Ë´Ø¤¹¤ë¤ªÌä¹ç¤»¤Ï¤³¤Á¤é¤«¤é¤ª´ê¤¤¤·¤Þ¤¹¡£

¥µ¡¼¥Ó¥¹

¥·¥¹¥Æ¥àÀß·×

Shibboleth¤òƳÆþ¤¹¤ë¥·¥¹¥Æ¥à¤ËÂФ·¤Æ¡¢¥·¥¹¥Æ¥à¹½À®¤ä¡¢±¿ÍÑ´ÉÍýÊý¼°¤ÎÀ߷פò¹Ô¤¤¤Þ¤¹¡£

¥·¥¹¥Æ¥àƳÆþ

Shibboleth¤Î¥¤¥ó¥¹¥È¡¼¥ë¤ÈÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£

Web¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎSAMLÂбþ

Shibboleth¤È¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò²Äǽ¤Ë¤¹¤ë¤¿¤á¡¢Web¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎSAMLÂбþ¤ò¹Ô¤¤¤Þ¤¹¡£

¥µ¥Ý¡¼¥È¡¦¥µ¡¼¥Ó¥¹

ǯ´Ö¥µ¥Ý¡¼¥È¡¦¥µ¡¼¥Ó¥¹¤È¤·¤Æ¡¢°Ê²¼¤Î¥µ¡¼¥Ó¥¹¤òÄ󶡤¤¤¿¤·¤Þ¤¹¡£

• ¥½¥Õ¥È¥¦¥§¥¢¤ÎÀßÄê¤ä±¿ÍѤ˴ؤ¹¤ë¥á¡¼¥ë¤Ç¤ÎÌ䤤¹ç¤ï¤»Âбþ

• ¥ª¥Õ¥µ¥¤¥È¤Ç¤Î¾ã³²Âбþ

• ²óÈòºö¤Î¤Ê¤¤ÉÔ¶ñ¹ç¤ËÂФ¹¤ë¥Ñ¥Ã¥ÁºîÀ®

¥·¥¹¥Æ¥à¹½À®

°ìÈÌ´ë¶ÈƳÆþ»þ

SaaS¥Ù¥ó¥À¡¼Æ³Æþ»þ

Secioss Identity Manager Enterprise Cloud

¿·µ¬µ¡Ç½

• SAMLÂбþ¤Î¥¯¥é¥¦¥É¥µ¡¼¥Ó¥¹¤Î¥æ¡¼¥¶¾ðÊó¤ò¼ÒÆ⥷¥¹¥Æ¥à¤Î¥æ¡¼¥¶¾ðÊó¤ÈƱ´ü¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£ 

• Ï¢·È¤¹¤ëSaaS¥µ¡¼¥Ó¥¹¤¬Áý¤¨¤Æ¤â¡¢Æ±´ü½èÍý¤¬ÊÂÎó¥Ð¥Ã¥¯¥°¥é¥¦¥ó¥É¼Â¹Ô¤µ¤ì¤ë¤¿¤á¥ì¥¹¥Ý¥ó¥¹»þ´Ö¤Ë¤Û¤È¤ó¤É±Æ¶Á¤¬¤¢¤ê¤Þ¤»¤ó¡£ 

• SaaS¤Î¸¢¸Â¤ò»þ´ÖÂÓ»ØÄê¤Ç³äÅö²Äǽ¤Ç¤¹¡£ 

Secioss Access Manager Enterprise Cloud

¿·µ¬µ¡Ç½

• SAMLÂбþ¤Î¥¯¥é¥¦¥É¥µ¡¼¥Ó¥¹¤ËÂФ·¤Æ¡¢¼ÒÆ⥷¥¹¥Æ¥à¤È¤«¤ï¤ê¤Ê¤¯¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¬¤Ç¤­¤Þ¤¹¡£ 

• ¥°¥ë¡¼¥×ñ°Ì¤Ï¤â¤Á¤í¤ó»þ´ÖÂÓ¡¢Àܳ¸µ¥Û¥¹¥È¤Ê¤É¤­¤áºÙ¤«¤Ê¥¢¥¯¥»¥¹À©¸æ¤¬²Äǽ¤Ç¤¹¡£ 

• Web¤è¤ê¥í¥°¤ò´ð¤Ë¤·¤¿ÍøÍѾõ¶·¤Î³Îǧ¤¬¤Ç¤­¤Þ¤¹¡£ 

• °Ê²¼¤Îǧ¾ÚÊý¼°¤òƱ»þ¤ËÁȤ߹ç¤ï¤»¤ë¤³¤È¤¬²Äǽ¡£
  ¡¦ID/¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú
  ¡¦¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú
  ¡¦Åý¹çWindowsǧ¾Ú
  ¡¦¾ÚÌÀ½ñǧ¾Ú
  ¡¦·ÈÂÓÅÅÏÃüËö¸ÄÂμ±ÊÌÈÖ¹æǧ¾Ú

ÂбþOS

• Red Hat Enterprise Linux 5

• CentOS 5

Âбþ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó

¼¡¤ÎWeb¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤È¤ÎÏ¢·È¤¬²Äǽ¤Ç¤¹¡£
¤½¤Î¾¤ÎWeb¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¤Ä¤¤¤Æ¤âÂбþ²Äǽ¤Ç¤¹¤Î¤Ç¡¢¤´ÁêÃ̲¼¤µ¤¤¡£

Secioss Identity Manager Enterprise Cloud

• ¥°¥ë¡¼¥×¥¦¥§¥¢
  ¡¡¡¦Aipo4

• ¶ÐÂÕ´ÉÍý
  ¡¡¡¦MosP

• Saas¥µ¡¼¥Ó¥¹
  ¡¡¡¦Salesforce
  ¡¡¡¦Google Apps

• ¥á¡¼¥ë¥·¥¹¥Æ¥à
  ¡¡¡¦Zimbra

• ¥Ý¡¼¥¿¥ë
  ¡¡¡¦Liferay
  ¡¡¡¦XOOPS Cube

• ECM¡Ê´ë¶È¸þ¤±¥³¥ó¥Æ¥ó¥Ä´ÉÍý¥·¥¹¥Æ¥à¡Ë
  ¡¡¡¦Alfresco

• ¥Ö¥í¥°
  ¡¡¡¦MovableType

• CRM
  ¡¡¡¦SugarCRM

Secioss Access Manager Eterprise Cloud

• ¥°¥ë¡¼¥×¥¦¥§¥¢
  ¡¡¡¦Aipo4
  ¡¡¡¦¥µ¥¤¥Ü¥¦¥º¥¬¥ë¡¼¥ó£²

• ¶ÐÂÕ´ÉÍý
  ¡¡¡¦MosP

• SaaS¥µ¡¼¥Ó¥¹
  ¡¡¡¦Salesforce
  ¡¡¡¦Google Apps

• ¥Ý¡¼¥¿¥ë
  ¡¡¡¦XOOPS Cube

• ¥Ö¥í¥°
  ¡¡¡¦MovableType

• CRM
  ¡¡¡¦SugarCRM

²Á³Ê

¥½¥Õ¥È¥¦¥§¥¢

¥é¥¤¥»¥ó¥¹²Á³Ê¤Î¾ÜºÙ¤Ë¤Ä¤¤¤Æ¤Ï¡¢¤³¤Á¤é¤Ë¤ªÌä¹ç¤»²¼¤µ¤¤¡£

¥µ¥Ý¡¼¥È

ǯ´Ö¤Î¥µ¥Ý¡¼¥ÈÎÁ¤Ï¡¢¥é¥¤¥»¥ó¥¹²Á³Ê¤Ë´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£ 

¥µ¥Ý¡¼¥È¡¦¥µ¡¼¥Ó¥¹¤ÎÆâÍƤϰʲ¼¤Ë¤Ê¤ê¤Þ¤¹¡£

• À½ÉʤΥ¤¥ó¥¹¥È¡¼¥ëÊýË¡¡¢ÀßÄêÊýË¡¡¢µ¡Ç½¤Ë´Ø¤¹¤ë¥á¡¼¥ë¤Ë¤è¤ë¥Þ¥Ë¥å¥¢¥ë¥ì¥Ù¥ë¤ÎÌ䤤¹ç¤ï¤»Âбþ

• ¥á¡¼¥ë¤Ç¤Î¥ª¥Õ¥µ¥¤¥È¾ã³²Ä´ºº 

• À½ÉʤΥޥ¤¥Ê¡¼¥Ð¡¼¥¸¥ç¥ó¥¢¥Ã¥×ÈǤÎÄó¶¡

Ìä¹ç¤»

ËÜÀ½Éʤ˴ؤ¹¤ë¤ªÌä¹ç¤»¤Ï¤³¤Á¤é¤«¤é¤ª´ê¤¤¤·¤Þ¤¹¡£

• Secioss OTP
  ·ÈÂÓÅÅÏäò»ÈÍѤ·¤¿¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤Î¥½¥Õ¥È¥¦¥§¥¢¥È¡¼¥¯¥ó¤Ç¤¹¡£
   

• Secioss Identity Suite Cloud Edition SP
  Web¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËSAML¡¢OpenIDǧ¾Ú¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óµ¡Ç½¤ÈIDƱ´üÍÑWeb API¤òÉղ乤륽¥Õ¥È¥¦¥§¥¢¤Ç¤¹¡£

• Secioss Identity Suite GAE Edition
  Goolge App Engine¾å¤ÇÆ°ºî¤¹¤ë¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÈIDÏ¢·ÈÍѤΥ¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤òÄ󶡤¹¤ë¥½¥Õ¥È¥¦¥§¥¢¤Ç¤¹¡£
   

Secioss OTP¤Î¥½¥Õ¥È¥¦¥§¥¢¤È¥Þ¥Ë¥å¥¢¥ë¤Ï°Ê²¼¤«¤é¥À¥¦¥ó¥í¡¼¥É¤·¤Æ¤¯¤À¤µ¤¤¡£

¥½¥Õ¥È¥¦¥§¥¢¡§secioss-otp-2.0.0.tgz
¥Þ¥Ë¥å¥¢¥ë¡§SeciossOTPmanual.pdf

Secioss OTP¤Î¥½¥Õ¥È¥¦¥§¥¢¥È¡¼¥¯¥ó¤Ï¡¢¥ª¡¼¥×¥ó¥½¡¼¥¹¤È¤·¤Æ¸ø³«¤·¤Æ¤¤¤Þ¤¹¡£
¥½¥Õ¥È¥¦¥§¥¢¥È¡¼¥¯¥ó¡§http://sourceforge.jp/projects/seciossotp/

ǧ¾Ú¥µ¡¼¥Ð¤Î¥¤¥ó¥¹¥È¡¼¥ë

´Ä¶­

• OS: CentOS 5  ¤Þ¤¿¤ÏRedHat Enterprise Linux 5

• Web¥µ¡¼¥Ð: Apache 2.2.3

• LDAP¥µ¡¼¥Ð: OpenLDAP 2.3.43

ɬÍפʥ½¥Õ¥È¥¦¥§¥¢¤Î¥¤¥ó¥¹¥È¡¼¥ë

¼¡¤Î¥½¥Õ¥È¥¦¥§¥¢¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£

  # yum install php-pear
  # yum install php-ldap
  # yum install php-pear-Log 

ionCube loader¤òhttp://www.asial.co.jp/ioncube/encoder/download_loaders.php¤«¤é¥À¥¦¥ó¥í¡¼¥É¤·¤Æ¡¢¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£

Secioss OTPǧ¾Ú¥µ¡¼¥Ð¤Î¥¤¥ó¥¹¥È¡¼¥ë

Secioss OTPǧ¾Ú¥µ¡¼¥Ð¥À¥¦¥ó¥í¡¼¥É¤·¤Æ²¼¤µ¤¤¡£ ¥À¥¦¥ó¥í¡¼¥É¤·¤¿¥Õ¥¡¥¤¥ë¤òŸ³«¤·¤Æ¡¢¥¤¥ó¥¹¥È¡¼¥ë¥¹¥¯¥ê¥×¥È¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£

  # tar zxvf secioss-otp-2.0.x.tgz
  # cd secioss-otp-2.0.x
  # ./install.sh install

OpenLDAP¤ÎÀßÄê

OpenLDAP¤ÎÀßÄê¥Õ¥¡¥¤¥ë"/etc/openldap/slapd.conf"¤Ë¼¡¤ÎÀßÄê¤òÄɲ䷤Ʋ¼¤µ¤¤¡£

include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/secioss.schema

¥æ¡¼¥¶¾ðÊó¤ÎÅÐÏ¿¤ò¹Ô¤¤¤Þ¤¹¡£ 

dn: uid=user01,ou=People,...
objectClass: inetOrgPerson
uid: user01
cn: user01
sn: user01
userPassword: password01

Secioss OTPǧ¾Ú¥µ¡¼¥Ð¤ÎÀßÄê

"/var/www/conf/config.ini"¤ò´Ä¶­¤Ë¹ç¤ï¤»¤ÆÊѹ¹¤·¤Æ²¼¤µ¤¤¡£

[password]
storage = "LDAP"
uri = <LDAP¥µ¡¼¥Ð¤ÎURI>
binddn = <LDAP¥µ¡¼¥Ð¤ËÀܳ¤¹¤ë¥æ¡¼¥¶¤ÎDN>
bindpw = <LDAP¥µ¡¼¥Ð¤ËÀܳ¤¹¤ë¥Ñ¥¹¥ï¡¼¥É>
basedn = <¥æ¡¼¥¶¤ò¸¡º÷¤¹¤ë¥Ù¡¼¥¹DN>
keyfile = "/var/www/conf/auth_tkt.conf"

¼¡¤Ë"/var/www/conf/auth_tkt.conf"¤Ë°Å¹æ²½¥­¡¼¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£Secioss OTP¤Ï¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤ÎPIN¤È¥·¡¼¥¯¥ì¥Ã¥È¤ò°Å¹æ²½¤·¤ÆLDAP¥µ¡¼¥Ð¤ËÊݸ¤·¤Þ¤¹¤Î¤Ç¡¢¤½¤ÎºÝ¤Î°Å¹æ²½¤Ë¤³¤Î¥­¡¼¤ò»ÈÍѤ·¤Þ¤¹¡£

TKTAuthSecret    <Ǥ°Õ¤Îʸ»úÎó>

PIN¤ÎÅÐÏ¿

»öÁ°¤ËPIN¤ò¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤ÇÄÌÃΤ¹¤ë¤¿¤á¤Î¥á¡¼¥ë¥µ¡¼¥Ð¤È¥á¡¼¥ë¤Îʸ¾Ï¤òÀßÄꤷ¤Þ¤¹¡£
ÀßÄê¥Õ¥¡¥¤¥ë"/var/www/conf/mail-config.ini"¤Ë¥á¡¼¥ë¥µ¡¼¥Ð¤Î¾ðÊó¤òÀßÄꤷ¤Æ²¼¤µ¤¤¡£

postmaster = <Á÷¿®¸µ¤Î¥á¡¼¥ë¥¢¥É¥ì¥¹>
smtp = <¥á¡¼¥ë¥µ¡¼¥Ð>:<¥Ý¡¼¥ÈÈÖ¹æ>
smtpauth_user = <SMTPǧ¾Ú¤Î¥æ¡¼¥¶>
smtpauth_pass = <SMTPǧ¾Ú¤Î¥Ñ¥¹¥ï¡¼¥É>

"/var/www/conf/mail-config.ini"¤Ë¥á¡¼¥ë¤Îʸ¾Ï¤òµ­½Ò¤·¤Þ¤¹¡£
${id}¡¢${name}¡¢${pin}¤Ï¡¢¤½¤ì¤¾¤ì¥æ¡¼¥¶ID¡¢»á̾¡¢PIN¤ËÃÖ´¹¤µ¤ì¤Þ¤¹¡£

Subject: PINÄÌÃÎ
${id} ${name}¤µ¤ó
¤¢¤Ê¤¿¤ÎPIN¤Ï¡¢${pin}¤Ç¤¹¡£

PIN¤òȯ¹Ô¤¹¤ë¥æ¡¼¥¶¤Î¥æ¡¼¥¶ID¤ÈPIN¤òÅÐÏ¿¤·¤¿CSV¥Õ¥¡¥¤¥ë¤òºîÀ®¤·¤Þ¤¹¡£1¹Ô¤Ë1¥æ¡¼¥¶¤òµ­½Ò¤·¤Þ¤¹¡£

<¥æ¡¼¥¶ID>,<PIN>

°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¡¢LDAP¤Ë¥æ¡¼¥¶¤ÎPIN¤¬ÅÐÏ¿¤µ¤ì¡¢¤½¤ÎPIN¤¬¥á¡¼¥ë¤Ç¥æ¡¼¥¶¤ËÄÌÃΤµ¤ì¤Þ¤¹¡£
  # /opt/secioss/sbin/otpadd add <CSV¥Õ¥¡¥¤¥ë> <¥¨¥é¡¼½ÐÎÏ¥Õ¥¡¥¤¥ë>

LISM Administrator¤òƳÆþ¤¹¤ë¤È¡¢¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ç¤Ï¤Ê¤¯¡¢Web¤«¤é¥æ¡¼¥¶¤Î´ÉÍý¤«¤éPIN¤Îȯ¹Ô¤Þ¤Ç¹Ô¤¦¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£LISM Administrator¤Ë¤Ä¤¤¤Æ¤Ï¡¢LISM Administrator¤Î¥Þ¥Ë¥å¥¢¥ë¤ò¤´Í÷²¼¤µ¤¤¡£

¥½¥Õ¥È¥¦¥§¥¢¥È¡¼¥¯¥ó¤Î¥¤¥ó¥¹¥È¡¼¥ë

http://www.secioss.co.jp/otp/¤«¤é·ÈÂÓÅÅÏä˥½¥Õ¥È¥¦¥§¥¢¥È¡¼¥¯¥ó¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤Æ¡¢¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£
iPhone¤Î¥½¥Õ¥È¥¦¥§¥¢¥È¡¼¥¯¥ó¤Ë¤Ä¤¤¤Æ¤Ï¡¢App Store¤«¤é"Secioss OTP"¤ò¸¡º÷¤·¤Æ¡¢¥À¥¦¥ó¥í¡¼¥É¤·¤Æ²¼¤µ¤¤¡£

¥¤¥ó¥¹¥È¡¼¥ë¤·¤¿¤éSecioss OTP¤òµ¯Æ°¤·¡¢¤Þ¤º¤ÏLDAP¤ËÅÐÏ¿¤·¤¿¥æ¡¼¥¶¤ÎPIN¤òÆþÎϤ·¤Æ¡¢²èÌ̤λؼ¨¤Ë½¾¤¤¡¢¥¨¥¤¥ê¥¢¥¹¤ÎÀßÄê¤È¿·¤·¤¤¥·¡¼¥¯¥ì¥Ã¥È¤ÎÀ¸À®¤ò¹Ô¤¤¤Þ¤¹¡£

·ÈÂÓÅÅÏäβèÌ̤Ëɽ¼¨¤µ¤ì¤Æ¤¤¤Æ¤¤¤ë¥·¡¼¥¯¥ì¥Ã¥È¤ò”http://<Secioss OTPǧ¾Ú¥µ¡¼¥Ð¤Î¥Û¥¹¥È̾>/user/index.php”¤«¤é¡¢LDAP¤ËÅÐÏ¿¤·¤¿¥æ¡¼¥¶¤Ç¥í¥°¥¤¥ó¤·¤ÆÅÐÏ¿¤·¤Æ²¼¤µ¤¤¡£

Web¤«¤é¥·¡¼¥¯¥ì¥Ã¥È¤ÎÅÐÏ¿¤¬´°Î»¤·¤Þ¤·¤¿¤é¡¢·ÈÂÓÅÅÏäΥ·¡¼¥¯¥ì¥Ã¥È¤Îɽ¼¨²èÌ̤μ¡¤Ë¿Ê¤à¤È¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£
¼¡²ó°Ê¹ß¤Ï¡¢PINÆþÎϸ塢¥¨¥¤¥ê¥¢¥¹¤òÁªÂò¤¹¤ì¤Ð¡¢¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£

¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú

Web¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤«¤é¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¤ò¹Ô¤¦¤Ë¤Ï¡¢°Ê²¼¤ÎÊýË¡¤Çǧ¾Ú¥µ¡¼¥Ð¤Ë¥æ¡¼¥¶ID¤È¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤òÁ÷¿®¤·¤Æ²¼¤µ¤¤¡£

¡¦URL¡§¡¡https://<ǧ¾Ú¥µ¡¼¥Ð¤Î¥Û¥¹¥È̾>/pub/otp.php?userid=<¥æ¡¼¥¶ID>
¡¦POST¥Ç¡¼¥¿
¡¡- password¡§¡¡¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É

¤Þ¤¿¡¢OpenVPN¤ò»ÈÍѤ·¤¿SSL-VPN¤ÈFreeRADIUS¤ò»ÈÍѤ·¤¿RADIUSǧ¾Ú¤Ç¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¤ò»ÈÍѤ¹¤ëÊýË¡¤¬¡¢Secioss OTP¤Î¥Þ¥Ë¥å¥¢¥ë¤Î”6. ¥·¥¹¥Æ¥à¤È¤ÎÏ¢·È”¤ÇÀâÌÀ¤µ¤ì¤Æ¤¤¤Þ¤¹¤Î¤Ç¡¢¤½¤Á¤é¤ò»²¹Í¤Ë¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¤ò»î¤·¤Æ¤ß¤Æ²¼¤µ¤¤¡£

¢¨¤Î¹àÌܤÏɬ¿Ü¹àÌܤȤʤê¤Þ¤¹

´Ä¶­

OS

°Ê²¼¤Î¥½¥Õ¥È¥¦¥§¥¢¤ò£±Âæ¤ÎLinux¥Þ¥·¥ó¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤¤¤Þ¤¹¡£

• OpenLDAP¡§¡¡CentOS 5

• MosP¶ÐÂÕ´ÉÍýV3¡§¡¡CentOS 5

• LISM¡§¡¡CentOS 5

OpenLDAP

OpenLDAP¤ÏCentOS5¤Ë¼ýÏ¿¤µ¤ì¤Æ¤¤¤ë¥Ð¡¼¥¸¥ç¥ó2.3.43¤ò»ÈÍѤ·¤Þ¤¹¡£¥Ç¥£¥ì¥¯¥È¥ê¥Ä¥ê¡¼¤Î¥µ¥Õ¥£¥Ã¥¯¥¹¤Ï¡¢"dc=secioss,dc=co,dc=jp"¤È¤·¡¢¥æ¡¼¥¶¾ðÊó¤Ï"ou=People,dc=secioss,dc=co,dc=jp"ÇÛ²¼¤ËÇÛÃÖ¤·¤Þ¤¹¡£

MosP¶ÐÂÕ´ÉÍý

Mosp¶ÐÂÕ´ÉÍý¤Ï¡¢¥Ð¡¼¥¸¥ç¥ó3¤ò»ÈÍѤ·¤Æ¤¤¤Þ¤¹¡£

¥¤¥ó¥¹¥È¡¼¥ë¡¦ÀßÄê

LISMÍÑOpenLDAP¡¢LISM¤Î¥¤¥ó¥¹¥È¡¼¥ë¤ÈLISMÍÑOpenLDAP¡¢LISM¥³¥Þ¥ó¥É¤ÎÀßÄê¤Ï¡ÖLISM¤ò»ÈÍѤ·¤¿Active Directory¡¦OpenLDAP´Ö¤Î¥æ¡¼¥¶¾ðÊóƱ´ü¡×¤ò»²¹Í¤Ë¹Ô¤Ã¤Æ²¼¤µ¤¤¡£

LISM¤ÎÀßÄê

LISM¤ò°Ê²¼¤Î¤è¤¦¤ËÀßÄꤷ¤Þ¤¹¡£

/usr/local/lism/etc/lism.conf

<config>
  <sync>
    <transaction>off</transaction>
    <data name="Kintai">
      <object name="User">
        <masterdn>ou=People</masterdn>
        <masterfilter>(!(uid=admin))</masterfilter>
        <masterattr>
          <name>objectClass</name>
        </masterattr>
        <masterattr>
          <name>cn</name>
        </masterattr>
      </object>
    </data>
    <master>
      <containerdn>ou=Master</containerdn>
      <data>LDAP</data>
    </master>
  </sync>
  <data name="Kintai">
    <container>
      <oc>organizationalUnit</oc>
      <rdn>ou=Kintai</rdn>
      <attr name="description">Kintai</attr>
    </container>
    <storage name="SQL" hash="MD5:hex:2">
      <dsn>DBI:mysql:kintai:l192.168.1.2</dsn>
      <admin>root</admin>
      <passwd>secret</passwd>
      <mbcode>cp932</mbcode>
      <initquery>set names cp932</initquery>
      <object name="User">
        <container>
          <rdn>ou=People</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <noop>add</noop>
        <noop>modify</noop>
        <noop>delete</noop>
        <table>CM_USER</table>
        <id>
          <column>USER_ID</column>
        </id>
        <oc>Person</oc>
        <oc>inetOrgPerson</oc>
        <rdn>uid</rdn>
        <attr name="uid">
          <column>USER_ID</column>
        </attr>
        <attr name="cn">
          <column>USER_NAME</column>
        </attr>
      </object>
    </storage>
  </data>
  <data name="LDAP">
    <container>
      <oc>organizationalUnit</oc>
      <rdn>ou=LDAP</rdn>
    </container>
    <handler name="Setval">
      <libload>LISM/Utils/lism_util.pl</libload>
      <entry dn="uid=[^,]+,ou=People,">
        <default name="userPassword">
          <value type="function">getValue($entryStr, 'uid')</value>
        </default>
        <default name="sn">
          <value type="function">(split(/ /, getValue($entryStr, 'cn')))[0]</value>
        </default>
      </entry>
    </handler>
    <storage name="LDAP" hash="SHA">
      <uri>ldap://192.168.1.3/dc=secioss,dc=co,dc=jp</uri>
      <binddn>cn=Manager,dc=secioss,dc=co,dc=jp</binddn>
      <bindpw>secret</bindpw>
    </storage>
  </data>
</config>

°Ê¾å¤ÎÀßÄ꤬´°Î»¤·¤¿¤é¡¢LISM¤òµ¯Æ°¤·¤Þ¤¹¡£
# /usr/local/lism/libexec/slapd -h ldap://:3890

¥æ¡¼¥¶¾ðÊó¤ÎƱ´ü

MosP¤Î¥æ¡¼¥¶¾ðÊó¤òOpenLDAP¤ËƱ´ü¤µ¤»¤ë¤¿¤á¡¢¼¡¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£

# /usr/local/lism/sbin/lismsync update master

¤Þ¤¿¡¢Æ±´ü¤Ï¹Ô¤ï¤º¤Ë¥æ¡¼¥¶¾ðÊó¤Îº¹Ê¬¤ò³Îǧ¤·¤¿¤¤¾ì¹ç¤Ï¡¢¼¡¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£

# /usr/local/lism/sbin/lismsync read master

¤Þ¤È¤á

º£²ó¤Ï¡¢¥æ¡¼¥¶¾ðÊó¤ÎƱ´ü¤ò¹Ô¤¤¤Þ¤·¤¿¤¬¡¢MosP¤ÎÉô½ð¡¢Ìò¿¦¤Î¾ðÊó¤òOpenLDAP¤Î¥°¥ë¡¼¥×¤ËƱ´ü¤µ¤»¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£

¥È¡¼¥¯¥ó¤Ë¡¢½¾Íè¤Î¤è¤¦¤ÊÀìÍѵ¡´ï¤Ç¤Ï¤Ê¤¯¡¢Ã¯¤Ç¤â»ý¤Ã¤Æ¤¤¤ë·ÈÂÓÅÅÏäȥª¡¼¥×¥ó¥½¡¼¥¹¤Î¥½¥Õ¥È¥¦¥§¥¢¥È¡¼¥¯¥ó¤òÍøÍѤ¹¤ë¤³¤È¤Ç¡¢µ¡´ï¤Î¹ØÆþ¤ä¥æ¡¼¥¶¤Ø¤ÎÇÛÉÛ¥³¥¹¥È¤ò̵¤¯¤·¡¢Ç§¾Ú¥µ¡¼¥Ð¤â̵½þ¤ÇÍøÍѲÄǽ¤Ç¤¹¤Î¤Ç¡¢½¾Íè¤è¤ê¤âÂçÉý¤ËÄ㤤¥³¥¹¥È¤Ç¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¤òƳÆþ¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

Secioss OTP¤Ï¡¢¥½¥Õ¥È¥¦¥§¥¢¥È¡¼¥¯¥ó¤Ë¤è¤ê60ÉÃËè¤ËÀ¸À®¤µ¤ì¤ë1²ó¸Â¤êÍ­¸ú¤Ê¥Ñ¥¹¥ï¡¼¥É¤Ë¤è¤Ã¤ÆËÜ¿Íǧ¾Ú¤ò¹Ô¤¤¤Þ¤¹¡£¥½¥Õ¥È¥¦¥§¥¢¥È¡¼¥¯¥ó¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È·Ðͳ¤Ç·ÈÂÓÅÅÏä˥À¥¦¥ó¥í¡¼¥É¤·¤ÆÍøÍѤ¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

Secioss OTP¤Îǧ¾Ú¥µ¡¼¥Ð¤Ï¡¢¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤È¤·¤ÆREST¡¢µÚ¤Ó¥ª¥×¥·¥ç¥ó¤ÇRADIUS¤òÄ󶡤·¤Æ¤ª¤ê¤Þ¤¹¤Î¤Ç¡¢Web¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤äVPN¡¢Unix·ÏOS¤Îǧ¾Ú¤ò´Êñ¤Ë¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤ËÊѹ¹¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¤µ¤é¤Ë¡¢¥»¥·¥ª¥¹¤ÎSecioss Identity Suite Cloud Edition¤äSecioss Access Manager Enterprise¤ÈÏ¢·È¤¹¤ë¤³¤È¤Ç¡¢Google Apps¤äSalesforceÅù¤ÎSaaS¥µ¡¼¥Ó¥¹¤Ë¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¤òŬÍѤ¹¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£

Secioss OTP¤Î¥À¥¦¥í¡¼¥É¤Ï¡¢¤³¤Á¤é¤«¤é¹Ô¤Ã¤Æ²¼¤µ¤¤¡£

¥½¥Õ¥È¥¦¥§¥¢

Secioss OTP¥½¥Õ¥È¥¦¥§¥¢¥È¡¼¥¯¥ó

¥é¥¤¥»¥ó¥¹¤¬GPL¤Î¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤Ç¤¹¡£°Ê²¼¤Î¥­¥ã¥ê¥¢¤Î·ÈÂÓÅÅÏäËÂбþ¤·¤Æ¤¤¤Þ¤¹¡£

• NTT¥É¥³¥â

• au

• Softbank

• iPhone

Secioss OTPǧ¾Ú¥µ¡¼¥Ð

°Ê²¼¤ÎOS¤ÇÆ°ºî¤·¤Þ¤¹¡£

• RedHat Enterprise Linux 5

• CentOS 5  

RADIUS¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ï°Ê²¼¤Î´Ä¶­¤¬É¬Íפˤʤê¤Þ¤¹¡£

• OS¡§ RedHat Enterprise Linux 5¡¢CentOS 5

• RADIUS¥µ¡¼¥Ð¡§ FreeRadius 2

¥µ¥Ý¡¼¥È¡¦¥µ¡¼¥Ó¥¹

Í­½þ¤Î¥µ¥Ý¡¼¥È¡¦¥µ¡¼¥Ó¥¹¤ò¹Ô¤Ã¤Æ¤ª¤ê¤Þ¤¹¡£

¥µ¥Ý¡¼¥È¡¦¥µ¡¼¥Ó¥¹¤Î¾ÜºÙ¤Ë¤Ä¤¤¤Æ¤Ï¤³¤Á¤é¤«¤é¤ªÌä¹ç¤»²¼¤µ¤¤¡£

ÍÍ¡¹¤Ê¥·¥¹¥Æ¥à¤ò»ÈÍѤ¹¤ëÃæ¤Ç¡¢ID¤òÊ£¿ô¸ºß¤¹¤ë¥·¥¹¥Æ¥à¤Ë¤ï¤¿¤Ã¤Æ´ÉÍý¤¹¤ë±¿ÍѤÎÉé²Ù¤òºï¸º¤·¤¿¤¤¤È¤¤¤¦Í×˾¤¬¤´¤¶¤¤¤Þ¤·¤¿¡£

¤½¤³¤Ç¡¢¥ª¡¼¥×¥ó¥½¡¼¥¹¤ÎÅý¹çID´ÉÍý¥½¥Õ¥È¥¦¥§¥¢LISM¤òƳÆþ¤¹¤ë¤³¤È¤Ë¤è¤ê¡¢Á´¥·¥¹¥Æ¥à¤ÎID¤òÅý¹ç´ÉÍý¤·¡¢±¿ÍÑ¥³¥¹¥È¤òºï¸º¤¤¤¿¤·¤Þ¤·¤¿¡£

ƳÆþ¸ú²Ì

• ID´ÉÍý¥³¥¹¥Èºï¸º
  ´ÉÍý¼Ô¤Ï¡¢£±²ó¤Î¹¹¿·¤Ç¥æ¡¼¥¶¾ðÊó¡¢¥°¥ë¡¼¥×¾ðÊó¡¢¥í¡¼¥ë¾ðÊó¤òÁ´¥½¥Õ¥È¥¦¥§¥¢¤ËƱ´ü¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤·¤¿¡£

• ¥»¥­¥å¥ê¥Æ¥£¤Î¸þ¾å
  ID´ÉÍý¤ò°ì¸µ²½¤¹¤ë¤³¤È¤Ç´ÉÍý¥ß¥¹¤òͽËɤ·¡¢Ì¤»ÈÍÑIDÅù¤ÎÉÔÀµ¥¢¥«¥¦¥ó¥È¤¬»Ä¤ë¤³¤È¤ò²óÈò¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤·¤¿¡£

Åý¹çID´ÉÍý

º£²ó¤Î¥·¥¹¥Æ¥à¤Ç¤Ï¡¢LDAP¥µ¡¼¥Ð¡ÊOpenLDAP¡Ë¤ò¥Þ¥¹¥¿¥Ç¡¼¥¿¤È¤·¤Æ¡¢¥³¥ó¥Æ¥ó¥Ä´ÉÍý¡¢¥Ý¡¼¥¿¥ë¡¢Google Apps¤Î¥æ¡¼¥¶¾ðÊó¡¢¥°¥ë¡¼¥×¾ðÊ󡢤µ¤é¤Ë¥í¡¼¥ë¾ðÊó¤òLISM¤«¤éÅý¹çŪ¤Ë´ÉÍý¤¹¤ë´Ä¶­¤ò¹½ÃÛ¤·¤Þ¤·¤¿¡£

LISM¤Ë´Ø¤·¤Æ¤Ï¡¢³Æ¥½¥Õ¥È¥¦¥§¥¢¤¬¥Þ¥ë¥Á¥Æ¥Ê¥ó¥È¹½À®¤È¤Ê¤Ã¤Æ¤¤¤¿¤¿¤á¡¢¤½¤ì¤Ë¹ç¤ï¤»¤ÆLISM¤â¥Þ¥ë¥Á¥Æ¥Ê¥ó¥È¤ËÂбþ¤¹¤ë¤È¤È¤â¤Ë¡¢¥·¥¹¥Æ¥à¤È¤ÎÀܳ¤Ë¤Ï¡¢REST API¡¢SOAP APIÅù¤ÎÀܳ¥â¥¸¥å¡¼¥ë¤ò¿·µ¬Äɲ乤뤳¤È¤ÇÂбþ¤·¤Þ¤·¤¿¡£

¥·¥¹¥Æ¥à¹½À®

• OS¡§ RedHat Enterprise Linux 5

• LDAP¥µ¡¼¥Ð¡§ OpenLDAP 2.3

• Åý¹çID´ÉÍý¥µ¡¼¥Ð¡§ LISM 2.3

³ô¼°²ñ¼Ò¥»¥·¥ª¥¹

³ô¼°²ñ¼Ò¥Þ¥¤¥ó¥É

¥»¥·¥ª¥¹¤Î¥¯¥é¥¦¥É¸þ¤±¥·¥ó¥°¥ë¥µ¥¤¥ª¥óÅý¹çID´ÉÍý¡ÖSecioss Identity Suite Cloud Edition¡×¤È¥Þ¥¤¥ó¥É¤Î¹ñÆâ½é½ã¹ñ»º¥ª¡¼¥×¥ó¥½¡¼¥¹¶ÐÂÕ´ÉÍý¥½¥ê¥å¡¼¥·¥ç¥ó¡ÖMosP¡×¤¬¥·¥¹¥Æ¥àÏ¢·È

³ô¼°²ñ¼Ò¥»¥·¥ª¥¹¡Ê½êºßÃÏ¡§ÅìµþÅÔË­Åç¶è¡¢Âåɽ¼èÄùÌò¡¡´Ø¸ý¡¡·°¡¢°Ê²¼¡¢¥»¥·¥ª¥¹¡Ë¤Ï³ô¼°²ñ¼Ò¥Þ¥¤¥ó¥É¡Ê½êºßÃÏ¡§¿ÀÆàÀÀîºê»Ô¡¢Âåɽ¼èÄùÌò¼ÒĹ¡¡²°Âå¿¿¸ã¡¢°Ê²¼¡¢¥Þ¥¤¥ó¥É¡Ë¤Î¹ñÆâ½é¤Î½ã¹ñ»º¥ª¡¼¥×¥ó¥½¡¼¥¹¶ÐÂÕ´ÉÍý¥½¥ê¥å¡¼¥·¥ç¥ó¡ÖMosP¶ÐÂÕ´ÉÍýV3¡×¤Ë¥¯¥é¥¦¥É¸þ¤±¥·¥ó¥°¥ë¥µ¥¤¥ª¥ó/Åý¹çID´ÉÍý¥½¥ê¥å¡¼¥·¥ç¥ó¡ÖSecioss Identity Suite Cloud Edition¡×¤òÏ¢·È¤µ¤»¤¿¤³¤È¤òȯɽ¤¤¤¿¤·¤Þ¤·¤¿¡£

¥»¥·¥ª¥¹¤Ï¥Þ¥¤¥ó¥É¤ÎMosP¥¹¥È¥é¥Æ¥¸¥Ã¥¯¥Ñ¡¼¥È¥Ê¡¼¤ËÅÐÏ¿¤·¡¢´û¤Ë¥¤¥ó¥È¥é¥Í¥Ã¥È¸þ¤±¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó/Åý¹çID´ÉÍý¥½¥ê¥å¡¼¥·¥ç¥ó¡ÖSecioss Identity/Access Manager Enterprise¡×¤ÈMosPÀ½ÉʤÎÏ¢·È¤Ë¤ÏÂбþ¤·¤Æ¤¤¤Þ¤·¤¿¡£º£²óSaaS´ðÈפËÂбþ¤·¤¿MosPÀ½ÉʤȤÎÏ¢·È¤ò²Äǽ¤È¤·¤¿¤³¤È¤Ç¡¢º£¸åSaaS¥µ¡¼¥Ó¥¹¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó²½¤ò¿ä¿Ê¤·¤Æ¤¤¤¯·×²è¤Ç¤¹¡£

¢£¡ÖSecioss Identity Suite Cloud Edition¡×¤È¤Ï

¥¯¥é¥¦¥É¥³¥ó¥Ô¥å¡¼¥Æ¥£¥ó¥°´Ä¶­¤Ë¤ª¤¤¤Æ¡¢SAML 2.0¡¢OpenID 2.0¤Ë¤è¤ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤äSOAPÄÌ¿®¤Ë¤è¤ë¥¢¥«¥¦¥ó¥ÈƱ´ü¤ò¥µ¥¤¥È´Ö¤Ç¼Â¸½¤¹¤ë¥½¥Õ¥È¥¦¥§¥¢¤Ç¤¹¡£¡ÖSecioss Identity Suite Cloud Edition¡×¤Ï¡¢Ç§¾Ú¥¯¥é¥¤¥¢¥ó¥È¤ÎSP¤ò¥ª¡¼¥×¥ó¥½¡¼¥¹¤È¤·¤ÆGPL¤ÇÄ󶡤·¤Æ¤ª¤ê¡¢Ç§¾Ú¥µ¡¼¥Ð¤ÎIDP¤â¥½¥Õ¥È¥¦¥§¥¢¤ò̵ÎÁ¤ÇÄ󶡤·¤Æ¤¤¤Þ¤¹¡£
¾ÜºÙ¡§http://www.secioss.co.jp/2009/05/idsecioss_identity_suite_clou.html

¢£¡ÖMosP¶ÐÂÕ´ÉÍý V3.2.0¡×¤È¤Ï

¡ÖMosP¡×¤È¤Ï2006ǯ¤Ë³ô¼°²ñ¼Ò¥Þ¥¤¥ó¥É¤¬Ä󾧤·¤¿¹ñÆâ½é¤Î½ã¹ñ»º¥ª¡¼¥×¥ó¥½¡¼¥¹¿Í»öµëÍ¿¡¦¶ÐÂÕ´ÉÍý¥·¥¹¥Æ¥à¤Ç¤¹¡£Java¤Ç³«È¯¤·¤¿Web¥·¥¹¥Æ¥à¤ò¥ª¡¼¥×¥ó¥½¡¼¥¹GPL¤ÇÄ󶡤·¤Æ¤¤¤Þ¤¹¡£¡ÖMosP¶ÐÂÕ´ÉÍý V3.2.0¡×¤È¤Ï¡¢»Ô¾ì¤«¤éÃíÌܤò½¸¤á¤Æ¤¤¤ëOpenOffice.org¤ØÂбþ¤·¤¿MosP¶ÐÂÕ´ÉÍý¤ÎºÇ¿·¥Ð¡¼¥¸¥ç¥ó¤Ë¤Ê¤ê¤Þ¤¹¡£¾ÜºÙ¤Ï²¼µ­URL¤ò»²¾È¤¯¤À¤µ¤¤¡£
MosP¡¡URL¡§http://www.mosp.jp/
¢¨¾åµ­¥µ¥¤¥È¤Ë¤Æ¡¢µ»½Ñ¾ðÊó¤ä¥Þ¥Ë¥å¥¢¥ë¡¢¥×¥í¥°¥é¥à¤Î¥À¥¦¥ó¥í¡¼¥É¾ðÊó¤ò¸ø³«¤·¤Æ¤¤¤Þ¤¹¡£

¢£³ô¼°²ñ¼Ò¥»¥·¥ª¥¹¤Ë¤Ä¤¤¤Æ

¾¦¹æ ³ô¼°²ñ¼Ò¥»¥·¥ª¥¹¡¡¡Ê±Ñ¸ìɽµ­¡§SECIOSS CO.,LTD¡Ë
ËÜ¼Ò ¢©171-0014 ÅìµþÅÔË­Åç¶èÃÓÂÞ£´¡Ý£³£¶¡Ý£±£· ASSÂ裳¥Ó¥ë£¶£°£±
TEL 03-6902-1764
URLhttp://www.secioss.co.jp/
ÀßΩ 2007ǯ5·î
»ö¶ÈÆâÍÆ
  ¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤ò´ðÈפȤ·¤¿¥½¥ê¥å¡¼¥·¥ç¥ó¤Î³«È¯¡¢ÈÎÇä
  ¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤ÎƳÆþ¤Ë´Ø¤¹¤ë¥³¥ó¥µ¥ë¥Æ¥£¥ó¥°
»ñËܶâ 13,000,000±ß
Âåɽ¼Ô Âåɽ¼èÄùÌò¼ÒĹ¡¡´Ø¸ý¡¡·°
¼è°úÀè
  VA Linux Systems Japan³ô¼°²ñ¼Ò
  ³ô¼°²ñ¼Ò¥¢¥¤¡¦¥Æ¥£¡¦¥Õ¥í¥ó¥Æ¥£¥¢
  Âçʬ¥·¡¼¥¤¡¼¥·¡¼³ô¼°²ñ¼Ò
  ¥µ¥¤¥ª¥¹¥Æ¥¯¥Î¥í¥¸¡¼³ô¼°²ñ¼Ò
  ³ô¼°²ñ¼Ò¥·¥¹¥Æ¥à·×²è¸¦µæ½ê
  ÆüËÜÅÅ¿®ÅÅÏóô¼°²ñ¼Ò
  ³ô¼°²ñ¼Ò¥Õ¥¡¡¼¥¹¥È¡¡Åù
  ¡Ê½çÉÔƱ¡Ë

¢£³ô¼°²ñ¼Ò¥Þ¥¤¥ó¥É¤Ë¤Ä¤¤¤Æ

¾¦¹æ ³ô¼°²ñ¼Ò¥Þ¥¤¥ó¥É¡¡¡Ê±Ñ¸ìɽµ­¡§MIND CO.,LTD¡Ë
ËÜ¼Ò ¢©210-0005 ¿ÀÆàÀÀîºê»ÔÀîºê¶èÅìÅÄÄ®£¶¡Ý£² ¥ß¥ä¥À¥¤¥Ó¥ë£¸£Æ
TEL 044-272-9093
URLhttp://www.e-mind.co.jp/
ÀßΩ 1987ǯ11·î20Æü
»ö¶ÈÆâÍÆ
  MosP¶È̳¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¥ª¡¼¥×¥ó¥½¡¼¥¹¥×¥í¥¸¥§¥¯¥È¤Î±¿±Ä
  ¶È̳¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¼õÂ÷³«È¯
  ÄÌ¿®·Ï¡¢ÁȤ߹þ¤ß·Ï¥·¥¹¥Æ¥à³«È¯
»ñËܶâ 10,000,000±ß
Âåɽ¼Ô Âåɽ¼èÄùÌò¼ÒĹ¡¡²°Âå¡¡¿¿¸ã
¼è°úÀè
  ¥¢¥¯¥·¥¹¥½¥Õ¥È³ô¼°²ñ¼Ò
  £Î£Ô£Ô¥³¥ß¥å¥Ë¥±¡¼¥·¥ç¥ó¥º³ô¼°²ñ¼Ò
  £Î£Ô£Ô¥Õ¥¡¥Í¥Ã¥È¥·¥¹¥Æ¥à¥º³ô¼°²ñ¼Ò
  ³ô¼°²ñ¼ÒÆüËܥƥ¯¥Î³«È¯
  ³ô¼°²ñ¼ÒÆüΩ¥¢¥É¥Ð¥ó¥¹¥È¥·¥¹¥Æ¥à¥º
  Å쳤¹©¶È³ô¼°²ñ¼Ò¡¡Åù
  ¡Ê½çÉÔƱ¡Ë
½ê°ÃÄÂÎ
  OSS¥³¥ó¥½¡¼¥·¥¢¥à
  ÀîºêÆîË¡¿Í²ñ
  ¿ÀÆàÀÃæ¾®´ë¶È²ÈƱͧ²ñ

°Ê¾å

¡ãËÜ·ï¤Ë´Ø¤¹¤ëÊóÆ»´Ø·¸¼Ô¤«¤é¤Î¤ªÌ䤤¹ç¤ï¤»Àè¡ä

³ô¼°²ñ¼Ò¥»¥·¥ª¥¹
¹­Êó¡¡Ã´Åö¡§´Ø¸ý (¹î¸Ê)
TEL¡§03-6902-1764 / Email¡§info@secioss.co.jp

³ô¼°²ñ¼Ò¥Þ¥¤¥ó¥É
¹­Êó¡¡Ã´Åö¡§²°Âå¡ÊϾ­¡Ë¡¢Ã«Áê
TEL¡§044-272-9093 / Email¡§pr@e-mind.co.jp

¢¨Ê¸Ãæ¤Ë°úÍѤµ¤ì¤¿¼Ò̾¡¿À½ÉÊ̾¡¿¥µ¡¼¥Ó¥¹Ì¾¡¿¥í¥´¤Ë¤Ä¤¤¤Æ¤Ï¡¢³Æ¡¹¤Î²ñ¼Ò¤Î¾¦É¸¤Ê¤¤¤·¤ÏÅÐÏ¿¾¦É¸¤Ç¤¢¤ê¡¢³Æ½êÍ­¼Ô¤¬¾¦É¸¸¢¤òÊÝ»ý¤·¤Æ¤¤¤Þ¤¹¡£

¢¨¤Î¹àÌܤÏɬ¿Ü¹àÌܤȤʤê¤Þ¤¹

¤µ¤é¤Ë¡¢Google Apps/SalesforceÏ¢·È¥â¥¸¥å¡¼¥ë¤òÄɲ乤뤳¤È¤Ç¡¢Google Apps¡¢Salesforce¤È¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤¬²Äǽ¤Ë¤Ê¤ê¡¢Google Apps¤Ë¤Ä¤¤¤Æ¤Ï¥¢¥«¥¦¥ó¥ÈƱ´ü¤â²Äǽ¤Ç¤¹¡£
¢¨Google Apps/SalesforceÏ¢·È¥â¥¸¥å¡¼¥ë¤ÏÍ­½þ¤È¤Ê¤ê¤Þ¤¹¡£

Secioss Identity Suite Cloud Edition¤Ï¡¢SP¡ÊService Provider¡Ë¤ÈIDP¡ÊIdentity Provider¡Ë¤«¤é¹½À®¤µ¤ì¤Æ¤ª¤ê¡¢SaaS¥µ¡¼¥Ó¥¹¤òÄ󶡤µ¤ì¤Æ¤¤¤ë¥Ù¥ó¥ÀÍÍÅù¤Ï¡¢Secioss Identity Suite Cloud Edition SP¤òÍøÍѤ¹¤ë¤³¤È¤Ç¡¢SaaS¥µ¡¼¥Ó¥¹¤Ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¡¢¥¢¥«¥¦¥ó¥ÈƱ´ü¤Îµ¡Ç½¤ò´Êñ¡¢Ã»´ü´Ö¡¢Ä㥳¥¹¥È¤ÇƳÆþ¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¤µ¤é¤Ë¡¢SaaS¥µ¡¼¥Ó¥¹¤òÍøÍѤµ¤ì¤Æ¤¤¤ë¸ÜµÒ´ë¶È¤Ë¡¢Secioss Identity Suite Cloud Edition IDP¤òƳÆþ¤¹¤ë¤³¤È¤Ç¡¢Secioss Identity Suite Cloud Edition SP¤òƳÆþ¤·¤Æ¤¤¤ëSaaS¥µ¥¤¥È¤È´ë¶È´Ö¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¡¢¥¢¥«¥¦¥ó¥ÈƱ´ü¤òGUI´ÉÍý¥Ä¡¼¥ë¤«¤é¤Î´Êñ¤ÊÀßÄê¤Ç¼Â¸½¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

• ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó
  SAML¡¢OpenID¤Ë¤è¤ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¹Ô¤¤¤Þ¤¹¡£
  Åý¹çWindowsǧ¾Ú¤Ë¤âÂбþ¤·¤Æ¤ª¤ê¡¢Windows¥Þ¥·¥ó¤Ë¥í¥°¥¤¥ó¤¹¤ì¤Ð¡¢¤½¤Î¤Þ¤ÞSaaS¥µ¡¼¥Ó¥¹¤òÍøÍѤǤ­¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£

• ¥¢¥«¥¦¥ó¥ÈƱ´ü
  ´ë¶ÈÆâ¤ÎActive Directory¤äLDAP¤ÎID¤ËÂФ·¤Æ¹Ô¤ï¤ì¤¿¹¹¿·¤ò¼«Æ°Åª¤ËSaaS¥µ¡¼¥Ó¥¹¤Î¥¢¥«¥¦¥ó¥È¤ØSOAP API¤ò·Ðͳ¤·¤ÆƱ´ü¤·¤Þ¤¹¡£

¥µ¡¼¥Ó¥¹¤Ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¡¢¥¢¥«¥¦¥ó¥ÈƱ´üµ¡Ç½¤òƳÆþ¤¹¤ë¤³¤È¤Ç¡¢¸ÜµÒ´ë¶È¤Ë¤Ï¼¡¤Î¤è¤¦¤Ê¥á¥ê¥Ã¥È¤òÄ󶡤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

• ±¿ÍÑ¥³¥¹¥Èºï¸º
  ´ë¶È¤Î´ÉÍý¼Ô¤Ï¼ÒÆâ¤ÎActive Directory¡¢LDAP¤ÎID¤ò´ÉÍý¤¹¤ë¤À¤±¤Ç¡¢SaaS¥µ¡¼¥Ó¥¹¤Î¥¢¥«¥¦¥ó¥È´ÉÍý¤«¤é¤Ï³«Êü¤µ¤ì¤Þ¤¹¡£

• ¥»¥­¥å¥ê¥Æ¥£¸þ¾å
  ¥¢¥«¥¦¥ó¥È´ÉÍý¤ò¼ÒÆâ¤ÎActive Directory¡¢LDAP¤Ë°ì¸µ²½¤·¡¢Â࿦¼ÔÅù¤Î̤»ÈÍÑID¤¬SaaS¥µ¡¼¥Ó¥¹¤Ë»Ä¸¤¹¤ë¤³¤È¤òËɤ°¤³¤È¤Ç¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤«¤é¤Î¥¢¥«¥¦¥ó¥ÈÉÔÀµÍøÍѤËÂФ¹¤ëÂкö¤ò¶¯²½¤·¤Þ¤¹¡£

• À¸»ºÀ­¸þ¾å
  ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤Ë¤è¤ê¡¢¥æ¡¼¥¶¤¬SaaS¥µ¡¼¥Ó¥¹¤Ø¥í¥°¥¤¥ó¤¹¤ë¼ê´Ö¤ò¾Ê¤¯¤È¶¦¤Ë¡¢¥Ñ¥¹¥ï¡¼¥É¤ò°ì¤Ä¤Ë¤¹¤ë¤³¤È¤Ç¡¢¥Ñ¥¹¥ï¡¼¥É˺¤ì¤Ë¤è¤ë¶È̳¤ÎÃæÃǤòºï¸º¤·¤Þ¤¹¡£

Âбþ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó

¼¡¤ÎWeb¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤È¤ÎÏ¢·È¤¬²Äǽ¤Ç¤¹¡£

• MosP¶ÐÂÕ´ÉÍý V3.2¢¨1

• Google Apps¢¨2

• Salesforce¢¨2

¢¨1 Web¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤È¤ÎÏ¢·È¤Ë¤Ï¡¢¥ª¥×¥·¥ç¥ó¤È¤·¤Æ¥í¥°¥¤¥óÏ¢·È¥â¥¸¥å¡¼¥ë¤ÎƳÆþ¤¬É¬ÍפȤʤê¤Þ¤¹¡£

¢¨2 Í­½þ¤ÎÏ¢·È¥â¥¸¥å¡¼¥ë¤¬É¬ÍפȤʤê¤Þ¤¹¡£

¥½¥Õ¥È¥¦¥§¥¢

Secioss Identity Suite Cloud Edition SP

Secioss Identity Suite Cloud Edition SP¤Ï¡¢¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤È¤·¤ÆGPL¤Ë¤è¤ê¸ø³«¤·¤Æ¤¤¤Þ¤¹¡£
¥½¥Õ¥È¥¦¥§¥¢¤Î¥À¥¦¥ó¥í¡¼¥É¤äÀßÄêÊýË¡¤Ë¤Ä¤¤¤Æ¤Ï¡¢Secioss Identity Suite Cloud Edition SP¤Î¥µ¥¤¥È¤ò¤´Í÷²¼¤µ¤¤¡£

¿ä¾©´Ä¶­

• OS¡§ Linux

• Web¥µ¡¼¥Ð¡§ Apache 2.2

Secioss Identity Suite Cloud Edition IDP

Secioss Identity Suite Cloud Edition IDP¤Î¤´ÍøÍѤò¤´´õ˾¤ÎÊý¤Ï¡¢Secioss Identity Suite Cloud Edition IDP¿½¹þ¥Õ¥©¡¼¥à¤«¤é¤ª¿½¹þ²¼¤µ¤¤¡£

¿ä¾©´Ä¶­

• OS¡§ Windows Server 2003

• Web¥µ¡¼¥Ð¡§ IIS 5°Ê¹ß

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÎÀßÄê²èÌÌ	¥¢¥«¥¦¥ó¥ÈƱ´ü¤ÎÀßÄê²èÌÌ

¾¦ÍÑ¥µ¡¼¥Ó¥¹

Secioss Identity Suite Cloud Edition¤ÎÍ­½þ¥â¥¸¥å¡¼¥ë¹ØÆþ¤ä¡¢¥«¥¹¥¿¥Þ¥¤¥º¡¢Æ³Æþ»Ù±ç¡¢¾¦ÍÑ¥µ¥Ý¡¼¥È¤ò¤´´õ˾¤ÎÊý¤Ï¡¢¤³¤Á¤é¤«¤é¤ªÌä¹ç¤»²¼¤µ¤¤¡£

Secioss Identity Suite Cloud Edition¤Ï¡¢SP¡ÊService Provider¡Ë¤ÈIDP¡ÊIdentity Provider¡Ë¤«¤é¹½À®¤µ¤ì¤Æ¤ª¤ê¡¢Secioss identity Suite Cloud Edition SP¡Ê°Ê¹ßIdentity Suite Cloud SP¤È¤·¤Þ¤¹¡Ë¤òSaaS¥µ¥¤¥È¤ËƳÆþ¤¹¤ë¤³¤È¤Ç¡¢SaaS¥µ¡¼¥Ó¥¹¤ËÂФ·¤Æ°Ê²¼¤Îµ¡Ç½¤ò´Êñ¤ËÄɲ乤뤳¤È¤Ç¤­¤Þ¤¹¡£

• ¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó
  SAML¤ÎService Provider¤äOpenID¤ÎRelying Party¤È¤·¤ÆÆ°ºî¤·¡¢SAML¡¢OpenID¤Ë¤è¤ë¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ò¹Ô¤¤¤Þ¤¹¡£SaaS¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÏREST API¤Ë¤è¤ê¤³¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óµ¡Ç½¤ò´Êñ¤Ëǧ¾Úµ¡Ç½¤ØÁȤ߹þ¤à¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

• ¥¢¥«¥¦¥ó¥ÈƱ´ü
  SaaS¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥¢¥«¥¦¥ó¥È´ÉÍýÍÑSOAP API¤òÄ󶡤·¡¢SOAP·Ðͳ¤Ç¤Î¥¢¥«¥¦¥ó¥È´ÉÍý¤ä¥µ¥¤¥È´Ö¤Ç¤Î¥¢¥«¥¦¥ó¥ÈƱ´ü¤ò¼Â¸½¤·¤Þ¤¹¡£Identity Suite Cloud SP¤Ï¡¢SOAP API¤Ç¼õ¤±ÉÕ¤±¤¿¹¹¿·Í×µá¤ò¡¢LISM¤Ë¤è¤êSaaS¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ç¡¼¥¿¥Ù¡¼¥¹¤ØÈ¿±Ç¤·¤Þ¤¹¡£

¤µ¤é¤Ë¡¢Secioss Identity Suite Cloud Edition IDP¡Ê°Ê¹ßIdentity Suite Cloud IDP¤È¤·¤Þ¤¹¡Ë¤ò´ë¶È¤ËƳÆþ¤¹¤ë¤³¤È¤Ç¡¢Identity Suite Cloud SP¤òƳÆþ¤·¤¿SaaS¥µ¡¼¥Ó¥¹¤È¤Î¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ä¥¢¥«¥¦¥ó¥ÈƱ´ü¤òGUI´ÉÍý¥Ä¡¼¥ë¤«¤é´Êñ¤ËÀßÄꤹ¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¥ª¡¼¥×¥ó¥½¡¼¥¹¥×¥í¥¸¥§¥¯¥È

Identity Suite Cloud SP¤Ë¤Ä¤¤¤Æ¤Ï¡¢¥ª¡¼¥×¥ó¥½¡¼¥¹¥½¥Õ¥È¥¦¥§¥¢¤È¤·¤ÆGPL¥é¥¤¥»¥ó¥¹¤Ë¤è¤ê¸ø³«¤·¤Æ¤¤¤Þ¤¹¡£

• ¥×¥í¥¸¥§¥¯¥È¥µ¥¤¥È¡§http://sourceforge.jp/projects/secioss-auth/

• ¥á¡¼¥ê¥ó¥°¥ê¥¹¥È¡§http://lists.sourceforge.jp/mailman/listinfo/secioss-auth-users

¾¦ÍÑ¥µ¡¼¥Ó¥¹

Identity Suite Cloud SP¤Ë´Ø¤¹¤ë¥³¥ó¥µ¥ë¥Æ¥£¥ó¥°¡¢¾¦ÍÑ¥µ¥Ý¡¼¥È¥µ¡¼¥Ó¥¹¤Ë¤Ä¤¤¤Æ¤Ï¡¢¤³¤Á¤é¤Ø¤ªÌä¹ç¤»²¼¤µ¤¤¡£

°Ê²¼¤Ç¤Ï¡¢Identity Suite Cloud SP¤ÎÀßÄêÊýË¡¤È¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥óÍѤÎREST API¤Ë¤Ä¤¤¤Æ²òÀ⤷¤Þ¤¹¡£

1. ¥¤¥ó¥¹¥È¡¼¥ë

Identity Suite Cloud SP¤Î¿ä¾©´Ä¶­¤Ï°Ê²¼¤Ë¤Ê¤ê¤Þ¤¹¡£

• OS¡§ CentOS 5¡¢RedHat Enterprise Linux 5

• Web¥µ¡¼¥Ð¡§ Apache 2.2

º£²ó¤Î¥¤¥ó¥¹¥È¡¼¥ë´Ä¶­¤È¤·¤Æ¤Ï¡¢Linux¤ÎCentOS 5¤òÁÛÄꤷ¤Æ¤¤¤Þ¤¹¡£

1.1 EPEL¥ê¥Ý¥¸¥È¥ê¤ÎÀßÄê

# wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
# rpm -ivh epel-release-5-3.noarch.rpm

1.2 ɬÍפʥ½¥Õ¥È¥¦¥§¥¢¤Î¥¤¥ó¥¹¥È¡¼¥ë

# yum install php-pear
# yum install php-xml
# yum install php-pear-Log
# yum install php-pear-HTTP-Request
# yum install php-Smarty
# yum install perl-LDAP
# yum install php-pecl-memcache
# yum install perl-XML-Simple
# yum install perl-Config-General
# yum install perl-Mail-Sendmail
# yum install perl-SOAP-Lite
# yum install perl-CGI-Session

1.3 memcached

# rpm -Uvh memcached
# /sbin/chkconfig --level 345 memcached on
# /etc/init.d/memcached start

1.4 simpleSAMLphp

simpleSAMLphp¤Î¥µ¥¤¥È¡Êhttp://code.google.com/p/simplesamlphp/¡Ë¤«¤é¥½¥Õ¥È¥¦¥§¥¢¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤Æ¡¢/usr/shareÇÛ²¼¤ËŸ³«¤·¤Æ¤¯¤À¤µ¤¤¡£
# unzip simplesmalphp_1_4.zip -d /usr/share
# mv /usr/share/simplesamlphp_1_4 /usr/share/simplesamlphp
# chown -R apache.apache /usr/share/simplesamlphp

Apache¤«¤ésimpleSAMLphp¤Ø¥¢¥¯¥»¥¹¤Ç¤­¤ë¤è¤¦¤ËÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£
# vi /etc/httpd/conf.d/simplesamlphp.conf
Alias /simplesaml /usr/share/simplesamlphp/www

1.5 PHP OpenID Library

OpenID Enabled¤Î¥µ¥¤¥È¡Êhttp://openidenabled.com/php-openid/¡Ë¤«¤éPHP OpenID Library 2¤ò¥À¥¦¥ó¥í¡¼¥É¤·¡¢/usr/share/pearÇÛ²¼¤Ë¥³¥Ô¡¼¤·¤Þ¤¹¡£
# bzip2 -cd php-openid-2.1.3.tar.bz2 | tar xvf -
# cp -r php-openid-2.1.3/Auth /usr/share/pear

1.6 Identity Suite Cloud SP

http://sourceforge.jp/projects/secioss-auth/releases/¤«¤ésecioss-idsuite-cloud-sp-1.0.x.tgz¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤Æ²¼¤µ¤¤¡£

1.6.1 siscloud¤Î¥¤¥ó¥¹¥È¡¼¥ë

secioss-idsuite-cloud-spÉÕ°¤Îsiscloud¥Ñ¥Ã¥±¡¼¥¸¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Þ¤¹¡£
# tar zxvf secioss-idsuite-cloud-sp-1.0.x.tgz
# cd secioss-idsuite-cloud-sp-1.0.x
# tar -C /usr/share -zxvf software/siscloud-1.0.x.tgz
# mv /usr/share/siscloud-1.0.x /usr/share/siscloud
# chown -R apache.apache /usr/share/siscloud
# cp /usr/share/sisclud/cgi/* /var/www/cgi-bin
# chown apache.apache /usr/share/simplesamlphp/config

Apache¤«¤ésiscloud¤Ø¥¢¥¯¥»¥¹¤Ç¤­¤ë¤è¤¦¤ËÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£
# vi /etc/httpd/conf.d/siscloud.conf
Alias /siscloud /usr/share/siscloud/www

1.6.2 LISM¤Î¥¤¥ó¥¹¥È¡¼¥ë

secioss-idsuite-cloud-spÉÕ°¤ÎLISM¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Þ¤¹¡£
# rpm -Uvh rpm/*.rpm
¢¨RedHat Enterprise Linux 5¡¢CentOS 5°Ê³°¤ÎOS¤Î¾ì¹ç¤Ïsource¥Õ¥©¥ë¥À¤Î¥½¡¼¥¹¤ò¥³¥ó¥Ñ¥¤¥ë¤·¤Æ¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ²¼¤µ¤¤¡£
¥¤¥ó¥¹¥È¡¼¥ë¼ê½ç¤ÏLISM¤Î¥µ¥¤¥È¤ò¤´Í÷²¼¤µ¤¤¡£

2. ÀßÄê

2.1 SAMLǧ¾Ú¤ÎÀßÄê

# cd /usr/share/simplesamlphp
# cp config-templates/config.php config
# cp config-tempates/authsources.php config
# cp metadata-templates/{saml20-idp-remote.php,saml20-sp-hosted.php} metadata
# chown apache.apache metadata/*
# vi metadata/saml20-sp-hosted.php

$metadata = array(      /*
      * Example of a hosted SP
      */
     '__DYNAMIC:1__' => array(
         'host'  => '__DEFAULT__'
     ) );

"__DYNAMIC:1__"¤ÎÉôʬ¤ËService Provider¤ÎID¤òÀßÄꤷ¤Æ²¼¤µ¤¤¡£¤³¤ÎID¤Ï¡¢SAML¥¢¥µ¡¼¥·¥ç¥ó¤Îȯ¹Ô¼Ô¤È¤·¤Æ»ÈÍѤµ¤ì¡¢Identity Suite Cloud IDP¤Ë¤ª¤¤¤ÆSaaS¥µ¡¼¥Ó¥¹¤ÎSAMLǧ¾Ú¤ÎÀßÄê¤ËɬÍפȤʤê¤Þ¤¹¡£

2.2 Identity Suite Cloud SP¤ÎÀßÄê

2.3.1 ǧ¾Ú¤ÎÀßÄê

# vi /usr/share/siscloud/conf/config.ini
memcache_host = <memcached¤Î¥Û¥¹¥È̾>
trust = <ǧ¾Ú¤òµö²Ä¤¹¤ë¥µ¡¼¥Ð¤Î¥Û¥¹¥È̾¤ÎÀµµ¬É½¸½>
¢¨memcached¤Î¥Û¥¹¥È̾¤Ï¥¹¥Ú¡¼¥¹¤ÇÏ¢·ë¤·¤ÆÊ£¿ôµ­½Ò¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

2.3.2 REST API¤ÎÀßÄê

REST API¤Ë¥¢¥¯¥»¥¹¤¹¤ë¤¿¤á¤Î¥æ¡¼¥¶¤È¥Ñ¥¹¥ï¡¼¥É¤òÅÐÏ¿¤·¤Þ¤¹¡£
# htpasswd -c /etc/httpd/conf/.htpasswd <¥æ¡¼¥¶>

2.3.2 ¥¢¥«¥¦¥ó¥ÈƱ´ü¤ÎÀßÄê

Identity Suite Cloud SP¤Ï¡¢SOAP API¤«¤é¹¹¿·¥ê¥¯¥¨¥¹¥È¤ò¼õ¤±ÉÕ¤±¡¢LISM¤Ë¤è¤Ã¤ÆSaaS¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¥Ç¡¼¥¿¥Ù¡¼¥¹¤äLDAP¤Î¥¢¥«¥¦¥ó¥È¤ò¹¹¿·¤·¤Þ¤¹¡£

SOAP API¤ÎÀßÄê¥Õ¥¡¥¤¥ë¤ò°Ê²¼¤Î¤è¤¦¤Ëµ­½Ò¤·¤Æ²¼¤µ¤¤¡£
# vi /var/www/cgi-bin/soaplism.conf
admin = <¥¢¥«¥¦¥ó¥ÈƱ´ü¥µ¡¼¥Ó¥¹¤Î´ÉÍý¥æ¡¼¥¶>
adminpw = <´ÉÍý¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É>
syncdir = <LISMÍѥǥ£¥ì¥¯¥È¥ê>
conf = <LISM¤ÎÀßÄê¥Õ¥¡¥¤¥ë>

LISM¤ÎÀßÄê¥Õ¥¡¥¤¥ëlism.conf¤Ë¤Ï¡¢¹¹¿·ÂоݤΥǡ¼¥¿¥Ù¡¼¥¹¡¢¤Þ¤¿¤ÏLDAP¤ÎÀßÄê¤ò¹Ô¤¤¤Þ¤¹¡£
LISM¤ÎÀßÄêÊýË¡¤Ë¤Ä¤¤¤Æ¤Ï¡¢LISM¤Î¥µ¥¤¥È¤ò¤´Í÷²¼¤µ¤¤¡£
¤¿¤À¤·¡¢Identity Suite Cloud SP¤Î¥¢¥«¥¦¥ó¥ÈƱ´ü¤Ç¤Ï¡¢LISM¤ÎÀßÄê¤Ë°Ê²¼¤ÎÀ©¸Â¤¬¤¢¤ê¤Þ¤¹¡£

• ¹¹¿·ÂоݤΥǡ¼¥¿¤Ï£±¤Ä

• <data><container><rdn>¤ÎÃͤˤϡ¢"o=lism"¤òÀßÄê

¤µ¤é¤Ë¡¢Identity Suite Cloud IDP¤ò¥Þ¥ë¥Á¥Æ¥Ê¥ó¥È¹½À®¤È¤·¤Æ¡¢Ê£¿ô¤Î´ë¶ÈËè¤Ë¥¢¥«¥¦¥ó¥ÈƱ´ü¤ò¹Ô¤¦¾ì¹ç¤Ë¤Ï¡¢LISM¤Î¥Ç¥£¥ì¥¯¥È¥ê¥Ä¥ê¡¼¤¬¡¢°Ê²¼¤Î¹½À®¤È¤Ê¤ë¤è¤¦¤ËLISM¤òÀßÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

¥Æ¥Ê¥ó¥ÈID¤Ï³Æ´ë¶È¤Ë³ä¤ê¿¶¤é¤ì¤¿¼±Ê̻Ҥǡ¢¤½¤Î¥¨¥ó¥È¥ê¤ÎÇÛ²¼¤Ë³Æ´ë¶È¤Î¥¢¥«¥¦¥ó¥È¤ò³ÊǼ¤·¤Þ¤¹¡£
Identity Suite Cloud IDP¤Î¥¢¥«¥¦¥ó¥ÈƱ´ü¤ÎÀßÄê¤Ç¤Ï¡¢¤³¤Î¥Æ¥Ê¥ó¥ÈID¤¬É¬ÍפȤʤê¤Þ¤¹¡£

¥Þ¥ë¥Á¥Æ¥Ê¥ó¥È¤ËÂбþ¤·¤¿¥ª¡¼¥×¥ó¥½¡¼¥¹¥Ý¡¼¥¿¥ëLiferay¤òÎã¤È¤·¤ÆLISM¤ÎÀßÄê¤Î°ìÉô¤òÎ㼨¤·¤Þ¤¹¡£

lism.conf

<config>
  <data name="Liferay">
    <container>
      <rdn>o=lism</rdn>
    </container>
    <storage name="SQL">
      <dsn>DBI:mysql:lportal:localhost</dsn>
      <admin>admin</admin>
      <passwd>secret</passwd>
      <initquery>set names utf8</initquery>
      <object name="Tenant">
        <table>Company</table>
        <id>
          <column>companyId</column>
        </id>
        <oc>organization</oc>
        <rdn>o</rdn>
        <attr name="o">
          <column>webId</column>
        </attr>
      </object>
      <object name="User">
        <container>
          <oname>Tenant</oname>
          <joinwhere>User_.companyId = %c</joinwhere>
        </container>
        <subcontainer>
          <rdn>ou=People</rdn>
          <oc>organizationalUnit</oc>
        </subcontainer>
        <table>User_</table>
        <id>
          <column>userId</column>
        </id>
        <oc>inetOrgPerson</oc>
        <oc>organizationalPerson</oc>
        <oc>Person</oc>
        <rdn>uid</rdn>
        <attr name="uid">
          <column>screenName</column>
        </attr>
        <attr name="sn">
          <selexpr>Contact_.lastname</selexpr>
          <fromtbls>Contact_</fromtbls>
          <joinwhere>User_.contactId = Contact_.contactId</joinwhere>
        </attr>
        <attr name="givenname">
          <selexpr>Contact_.firstname</selexpr>
          <fromtbls>Contact_</fromtbls>
          <joinwhere>User_.contactId = Contact_.contactId</joinwhere>
        </attr>
        <attr name="userpassword">
          <column>password_</column>
        </attr>
        <attr name="mail">
          <column>emailAddress</column>
        </attr>
        ...
      </object>
    ...
  </data>
</config>

2.4 ¥í¥°¤ÎÀßÄê

¥·¥ó¥°¥ë¥µ¥¤¥ó¥ª¥ó¤ÈIDƱ´ü¤Î¥í¥°¤Ï¡¢¤½¤ì¤¾¤ìsyslog¤Îlocal5¡¢local4¤Ë½ÐÎϤ·¤Þ¤¹¡£
/etc/syslog.conf¤Ë°Ê²¼¤ÎÀßÄê¤òÄɵ­¤·¤Æ¡¢syslog¥Ç¡¼¥â¥ó¤òºÆµ¯Æ°¤·¤Æ²¼¤µ¤¤¡£

local5.*                                         -/var/log/auth.log
local4.*                                         -/var/log/lism.log

3. REST API

3.1 IDPÀßÄê

SAMLǧ¾Ú¤ÎIDP¤ÎÀßÄê¤È¤·¤Æ¡¢Identity Suite Cloud IDP¤Î¾ðÊó¤ò¡¢Identity Suite Cloud SP¤ËÂФ·¤ÆÁ÷¿®¤·¤Þ¤¹¡£

­¡ IDP¤ÎÀßÄêÃͤȤ·¤Æ¡¢°Ê²¼¤Î¥Ñ¥é¥á¡¼¥¿¤òPOST¤·¤Þ¤¹¡£

• user¡§ API¤Ë¥¢¥¯¥»¥¹¤¹¤ë¥æ¡¼¥¶

• password¡§ API¤Ë¥¢¥¯¥»¥¹¤¹¤ë¥Ñ¥¹¥ï¡¼¥É

• idp¡§ IDP¥µ¡¼¥Ð¤ÎSAML¥¢¥µ¡¼¥·¥ç¥ó¤Îȯ¹Ô¼Ô

• login¡§ IDP¤Î¥í¥°¥¤¥ó¥Ú¡¼¥¸¤ÎURL
      http://<IDP¤Î¥Û¥¹¥È̾>/simplesaml/saml2/idp/SSOService.php

• logout¡§ IDP¤Î¥í¥°¥¢¥¦¥È¥Ú¡¼¥¸¤ÎURL
      http://<IDP¤Î¥Û¥¹¥È̾>/simplesaml/saml2/idp/SingleLogoutService.php

• certfinterprint¡§ IDP¤ÎSAMLǧ¾ÚÍѾÚÌÀ½ñ¤«¤éÀ¸À®¤·¤¿fingerprint

¢¨¾ÚÌÀ½ñ¤Îfingerprint¤Ï°Ê²¼¤Î¥³¥Þ¥ó¥É¤ÇÀ¸À®¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£
# cat server.crt | openssl x509 -fingerprint
­¢ Identity Suite Cloud SP¤Ï¡¢IDP¤ÎÀßÄê¤òÄɲ䷤ơ¢·ë²Ì¤òXML·Á¼°¤Î¥ì¥¹¥Ý¥ó¥¹¤È¤·¤ÆÊÖ¤·¤Þ¤¹¡£
¥ì¥¹¥Ý¥ó¥¹¤Î·Á¼°¤Ï¡¢°Ê²¼¤Ë¤Ê¤ê¤Þ¤¹¡£
<response>
  <code>¥¨¥é¡¼¥³¡¼¥É</code>
  <message>¥á¥Ã¥»¡¼¥¸</message>
</response>

• ¥¨¥é¡¼¥³¡¼¥É¡§ À®¸ù 0¡¢¥¨¥é¡¼ 0°Ê³°

• ¥á¥Ã¥»¡¼¥¸¡§ ¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸

3.2 ǧ¾Ú

Identity Suite SP¤ËÂФ·¤Æ¡¢SAML¡¢¤Þ¤¿¤ÏOpenID¤Ë¤è¤ëǧ¾Ú¤ò°ÍÍꤷ¡¢¤½¤Î·ë²Ì¤ò¼õ¤±¼è¤ê¤Þ¤¹¡£

­¡ ¥æ¡¼¥¶¤¬SaaS¥µ¥¤¥È¤Ë¥¢¥¯¥»¥¹¤·¤Þ¤¹¡£

­¢ ǧ¾Ú¤¬ºÑ¤ó¤Ç¤¤¤Ê¤¤¾ì¹ç¡¢¥¯¥¨¥ê¥¹¥È¥ê¥ó¥°¤Ë°Ê²¼¤ÎÃͤòÉղ䷤ơ¢SAMLǧ¾Ú¤Î¾ì¹ç"/siscloud/saml"¡¢OpenIDǧ¾Ú¤Î¾ì¹ç"/siscloud/openid"¤Ë¥ê¥À¥¤¥ì¥¯¥È¤·¤Þ¤¹¡£

• back¡§ SaaS¥µ¥¤¥È¤Î¥í¥°¥¤¥ó¥Ú¡¼¥¸¤ÎURL

• idpentityid¡§ SAMLǧ¾Ú¤Î¾ì¹ç¡¢IDP¤Î¼±Ê̻ҤȤ·¤Æ3.1¹à¤ÇÀßÄꤷ¤¿IDP¥µ¡¼¥Ð¤Îȯ¹Ô¼Ô¤ò»ØÄê

­£ Identity Suite Cloud SP¤Ï¡¢SAMLǧ¾Ú¤Î¾ì¹çSAML¤ÎIDP¤ËÂФ·¤Æ¡¢OpenIDǧ¾Ú¤Î¾ì¹çOpenID¤ÎOP¤ËÂФ·¤Æ¡¢Ç§¾ÚÍ×µá¤òÁ÷¿®¤·¡¢¥æ¡¼¥¶¤ÏIDP¡¢OP¤ËÂФ·¤Æ¥í¥°¥¤¥ó¤ò¹Ô¤¤¤Þ¤¹¡£

­¤ ¥æ¡¼¥¶¤Îǧ¾Ú¤ËÀ®¸ù¤·¤¿¾ì¹ç¡¢¥¯¥¨¥ê¥¹¥È¥ê¥ó¥°back¤Ç»ØÄꤷ¤¿URL¤Ë¡¢¥ê¥À¥¤¥ì¥¯¥È¤Ç¥È¡¼¥¯¥ó¡Êsecioss_token¡Ë¤òPOST¤·¤Þ¤¹¡£

­¥ ¥È¡¼¥¯¥ó¤ò¼èÆÀ¤·¤¿SaaS¥µ¥¤¥È¤Ï¡¢¥¯¥¨¥ê¥¹¥È¥ê¥ó¥°secioss_token¤Ë¥È¡¼¥¯¥ó¤òÀßÄꤷ¤Æ¡¢"/siscloud/api/login.php"¤Ë¥¢¥¯¥»¥¹¤·¤Þ¤¹¡£

­¦ Identity Suite Cloud SP¤Ï¡¢¥È¡¼¥¯¥ó¤ÎÃͤò³Îǧ¤·¡¢XML·Á¼°¤Î¥ì¥¹¥Ý¥ó¥¹¤òÊÖ¤·¤Þ¤¹¡£
¥ì¥¹¥Ý¥ó¥¹¤Î·Á¼°¤Ï°Ê²¼¤Ë¤Ê¤ê¤Þ¤¹¡£
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <code>¥¨¥é¡¼¥³¡¼¥É</code>
  <userid>¥æ¡¼¥¶Ì¾</userid>
  <idpentityid>IDP¤Î¼±ÊÌ»Ò</idpentityid>
</response>

• ¥¨¥é¡¼¥³¡¼¥É¡§ À®¸ù 0¡¢¥¨¥é¡¼ 0°Ê³°

• ¥æ¡¼¥¶Ì¾¡§ ǧ¾Ú¤ò¹Ô¤Ã¤¿¥æ¡¼¥¶Ì¾

• IDP¤Î¼±Ê̻ҡ§ IDP¥µ¡¼¥Ð¤ÎFQDN

­§¥µ¥¤¥È¤Î²èÌ̤òɽ¼¨¤·¤Þ¤¹¡£

3.3 ¥í¥°¥¢¥¦¥È

SaaS¥µ¥¤¥È¤Î¥í¥°¥¢¥¦¥È½èÍý¸å¡¢"/simplesaml/saml2/sp/SingleLogoutService.php"¤Ë¥ê¥À¥¤¥ì¥¯¥È¤·¤Æ²¼¤µ¤¤¡£

4. ¥µ¥ó¥×¥ë¥×¥í¥°¥é¥à

Identity Suite Cloud SP¤Ë¤Ï¡¢SAMLǧ¾Ú¡¢OpenIDǧ¾ÚÍѤΥµ¥ó¥×¥ë¥×¥é¥°¥é¥à¤¬ÉÕ°¤·¤Æ¤¤¤Þ¤¹¡£

4.1 ÀßÄê

# vi /usr/share/siscloud/www/login_sample.php
$idp = http://<Identity Suite Cloud SP¤Î¥Û¥¹¥È̾>/siscloud/api/login.php
$idp = <Identity Suite Cloud IDP¤Î¥Û¥¹¥È̾>

4.2 Æ°ºî³Îǧ

http://<Identity Suite Cloud SP¤Î¥Û¥¹¥È̾>/siscloud/login_sample.php¤Ë¥¢¥¯¥»¥¹¤·¤Þ¤¹¡£

­¡SAML¡¢¤Þ¤¿¤ÏOpenID¤Îǧ¾Ú¤ò¹Ô¤¤¤Þ¤¹¡£

• SAMLǧ¾Ú¡§¡¡SAML¤Î¥í¥°¥¤¥ó¤ò¥¯¥ê¥Ã¥¯¤·¤Æ²¼¤µ¤¤¡£

• OpenIDǧ¾Ú¡§¡¡OpenID URL¤ËOpenID¤ÎURL¤òÆþÎϤ·¤Æ²¼¤µ¤¤¡£OpenID¤ÎOP¤¬Identity Suite SP¤Î¾ì¹ç¤Ï¡¢http://<Identity Suite IDP¤Î¥Û¥¹¥È̾>/siscloud/auth/index.php¤ÈÆþÎϤ·¤Æ²¼¤µ¤¤¡£

­¢¥í¥°¥¤¥ó¸å¡¢Identity Suite Cloud SP¤Î¥ì¥¹¥Ý¥ó¥¹¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£