Private CA Glas whitepaper. This document describes example settings for building an environment in which authentication is performed by Active Directory Federation Services. The content described here was confirmed to work in our verification environment and is not a guarantee of operation in every environment.

Published on: 28-Mar-2018

Copyright by JCCH Security Solution Systems Co., Ltd., All Rights reserved

Private CA Glas
Office365 / Active Directory Federation Services (AD FS): certificate authentication for Office applications
Ver.1.0
September 2016

JCCH, JS3 and Glas are trademarks of JCCH Security Solution Systems Co., Ltd. Microsoft product names mentioned in this document are trademarks of Microsoft Corporation.

Private CA Glas: Office365 / ADFS configuration example (page 3 / 25)

Contents (page numbers refer to the original 25-page document)

1.   Overview ....................................................... 4
1.1.   Purpose ...................................................... 4
1.2.   Test environment ............................................. 4
1.3.   Verification procedure ....................................... 5
1.4.   Prerequisites ................................................ 6
2.   Domain controller settings ..................................... 6
2.1.   Registering the Glas CA certificate in NTAuth ................ 6
3.   ADFS settings .................................................. 9
3.1.   Importing the SSL certificate ................................ 9
3.2.   Assigning the SSL certificate ................................ 11
3.3.   MFA settings ................................................. 11
4.   WAP settings ................................................... 12
4.1.   Importing the SSL certificate ................................ 12
4.2.   Assigning the SSL certificate ................................ 12
5.   Issuing a Glas certificate to the PC ........................... 12
6.   Verification on the PC ......................................... 13
6.1.   Installing the certificate ................................... 13
6.2.   Signing in to Office365 from the browser ..................... 14
6.3.   Signing in to Office365 from an Office application ........... 16
7.   Issuing a Glas certificate to the iPhone ....................... 18
8.   Verification on the iPhone ..................................... 20
8.1.   Installing the certificate ................................... 20
8.2.   OTA enrollment ............................................... 22
8.3.   Signing in to Office365 (Outlook) ............................ 22
9.   Troubleshooting (clearing the CRL cache) ....................... 25
10.  Contact ........................................................ 25


1. Overview

1.1. Purpose

This document describes how certificates issued by the private CA "Glas" are used to sign in to Microsoft Corporation's Office 365 through Active Directory Federation Services on Windows Server, and the settings required to do so.

1.2. Test environment

  Role                Product / version
  ------------------  ---------------------------------------------------------------------
  Domain controller   Windows Server 2012 R2 Standard / Active Directory
  ADFS                Windows Server 2012 R2 Standard / Active Directory Federation Services
  WAP                 Windows Server 2012 R2 Standard / Web Application Proxy
  Glas                JS3 CA Glas 1.13.103
  Office365           Office 365 Enterprise E3 (SaaS)
  PC                  Windows 10 Pro / Internet Explorer 11 / Excel 2016
  iPhone              iPhone 6 (iOS 10.0.1) / Outlook 2.5.0 / Microsoft Authenticator 4.0.7


The following are assumed to be already in place and are not described in this document:

  - Setup of iOS and Microsoft Authenticator
  - Setup of Windows Server and Windows
  - Installation of ADFS and WAP
  - Federation of Office365 with ADFS and WAP
  - Installation of Glas
  - Setup of the PC and the iPhone

1.3. Verification procedure

1. Issue certificates from Glas: SSL certificates for the ADFS and WAP servers, and user certificates for the PC and the iPhone.
2. From the PC, sign in to Office365 with an Office application (Excel 2016). The sign-in is redirected to ADFS (through WAP when coming from outside) and authenticated with the user certificate.
3. From the iPhone, sign in to Office365 with an Office application (Outlook) through WAP, authenticated with the user certificate.
4. Confirm on ADFS that the Office365 and Office application sign-ins were authenticated by certificate.


1.4. Prerequisites

  - Glas is installed and operational.
  - The SSL certificates for the ADFS and WAP servers are issued by Glas.
  - The ADFS server trusts the Glas CA (the Glas CA certificate is imported on the ADFS server and used for certificate authentication).
  - The Glas CA certificate is distributed to domain members through Active Directory.
  - The CRL published by Glas is reachable from the ADFS and WAP servers.

2. Domain controller settings

2.1. Registering the Glas CA certificate in NTAuth

For Windows to accept Glas-issued certificates for logon, the Glas CA certificate must be registered in the NTAuth store (the NTAuthCertificates object in Active Directory). On the domain controller, run:

  certutil -dspublish -f [filename] NTAuthCA

where [filename] is the Glas CA certificate file. Once published, the certificate is cached on domain members under

  HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates

when Group Policy is refreshed (gpupdate). Run gpupdate on the ADFS server as well so that it picks up the NTAuth entry without waiting for the next scheduled policy refresh.

The NTAuth registration can also be done from the GUI.


In MMC, add the [Enterprise PKI] snap-in. Right-click Enterprise PKI and choose [Manage AD Containers(A)]. On the [NTAuthCertificates] tab, click [Add(A)] and select the Glas CA certificate.


The Glas CA certificate now appears in the NTAuthCertificates container.
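The publication and the two checks described above (the AD object and the local registry cache after gpupdate), as an added PowerShell example that is not part of the Glas whitepaper. The certificate path .\glas-ca.cer is a placeholder, and the script assumes it runs elevated on a domain controller with the RSAT ActiveDirectory module available:

```powershell
# Added example (not from the Glas whitepaper): publish a private CA certificate to the
# NTAuthCertificates object and verify it arrived both in AD and in the local NTAuth cache.
# Assumptions: elevated session on a domain controller as Enterprise Admin; the Glas CA
# certificate exported to .\glas-ca.cer (placeholder path); ActiveDirectory module installed.
param([string]$CaCertPath = ".\glas-ca.cer")

$certType = "System.Security.Cryptography.X509Certificates.X509Certificate2"
$ca = New-Object $certType -ArgumentList (Resolve-Path $CaCertPath).Path
Write-Host ("Publishing {0} [{1}] to NTAuthCertificates" -f $ca.Subject, $ca.Thumbprint)

# -f overwrites an existing entry; NTAuthCA targets CN=NTAuthCertificates in the configuration NC
certutil -dspublish -f $CaCertPath NTAuthCA | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil -dspublish failed (exit code $LASTEXITCODE)" }

# Check 1: read the cACertificate attribute of the NTAuthCertificates object in AD
Import-Module ActiveDirectory
$configNC = (Get-ADRootDSE).configurationNamingContext
$ntAuthDN = "CN=NTAuthCertificates,CN=Public Key Services,CN=Services,$configNC"
$ntAuth   = Get-ADObject -Identity $ntAuthDN -Properties cACertificate
$adThumbprints = @($ntAuth.cACertificate | ForEach-Object {
    # each value is the DER encoding of one CA certificate
    (New-Object $certType -ArgumentList (,[byte[]]$_)).Thumbprint
})
$inAD = $adThumbprints -contains $ca.Thumbprint

# Check 2: refresh Group Policy so this machine's NTAuth cache is rebuilt, then look for
# the thumbprint key under EnterpriseCertificates\NTAuth (the key named in the whitepaper)
gpupdate /force | Out-Null
$regKey = "HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates\$($ca.Thumbprint)"
$inRegistry = Test-Path $regKey

[pscustomobject]@{
    Subject        = $ca.Subject
    Thumbprint     = $ca.Thumbprint
    InNTAuthObject = $inAD
    InLocalCache   = $inRegistry
}
if (-not ($inAD -and $inRegistry)) {
    Write-Warning "NTAuth publication incomplete: wait for AD replication, then run gpupdate on the ADFS server and re-check."
}
```

The registry check only covers the machine the script runs on; the ADFS server gets its own cache entry after its own gpupdate, which is why the whitepaper asks for gpupdate there as well.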

3. ADFS settings

3.1. Importing the SSL certificate

Import the PKCS#12 file issued by Glas for the ADFS server into the Local Computer personal certificate store on the ADFS server:

1. Open MMC, choose File(F) > Add/Remove Snap-in, and add the Certificates snap-in.
2. Select "Computer account(C)", then "Local computer(L)", and finish the wizard.


3. Expand Personal > Certificates, right-click Certificates and choose All Tasks(K) > Import(I). Click Next(N).
4. Select the PKCS#12 (.p12) file issued by Glas and click Next(N).
5. Enter the password of the PKCS#12 file issued by Glas and click Next(N).


6. On the certificate store page, keep the default automatic store selection (U) and click Next(N).
7. Click Finish. The certificate, together with its private key, now appears under Personal > Certificates.

3.2. Assigning the SSL certificate

From Windows PowerShell, bind the imported certificate as the SSL certificate of ADFS:

  Set-AdfsSslCertificate -Thumbprint [thumbprint]

[thumbprint] is the thumbprint of the certificate imported in 3.1; it can be read with

  Get-ChildItem Cert:\LocalMachine\My

Confirm the binding with

  Get-AdfsSslCertificate

3.3. MFA settings

In the AD FS Management console, open [Authentication Policies]. Under [Multi-factor Authentication], choose [Edit Global Multi-factor Authentication...]. In the list of additional authentication methods, check [Certificate Authentication] and click [OK].


4. WAP settings

4.1. Importing the SSL certificate

Import the PKCS#12 file issued by Glas for the WAP server into the Local Computer personal store on the WAP server, in the same way as in 3.1.

4.2. Assigning the SSL certificate

From Windows PowerShell on the WAP server:

  Set-WebApplicationProxySslCertificate -Thumbprint [thumbprint]

[thumbprint] is the thumbprint of the certificate imported in 4.1 (read it with Get-ChildItem Cert:\LocalMachine\My). Confirm the binding with

  Get-WebApplicationProxySslCertificate
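Sections 3.2 and 4.2 both require finding the right thumbprint in Cert:\LocalMachine\My and then binding it. The following added PowerShell example, not part of the Glas whitepaper, does that for either role: it selects the imported certificate by name, checks that it carries a private key, is unexpired, is valid for server authentication and chains to a trusted CA with revocation checking, and only then binds it. The federation service name fs.example.com is a placeholder; the script assumes an elevated session on the server whose binding is being changed:

```powershell
# Added example (not from the Glas whitepaper): locate the PKCS#12 certificate imported in
# 3.1 / 4.1, sanity-check it, and bind it as the SSL certificate of the ADFS server
# (-Role ADFS) or the WAP server (-Role WAP).
# Assumptions: federation service name fs.example.com (placeholder); elevated session on
# the target server; the Glas CA root is trusted on this server.
param(
    [Parameter(Mandatory)][ValidateSet("ADFS", "WAP")][string]$Role,
    [string]$FederationServiceName = "fs.example.com"
)

$serverAuthOid = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth

function Get-SslCandidate {
    param([string]$DnsName)
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $c   = $_
        $san = $c.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }   # subjectAltName
        $eku = $c.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.37" }   # extKeyUsage
        # name must appear as the subject CN or as a DNS SAN entry
        $nameOk = ($c.Subject -match "^CN=$([regex]::Escape($DnsName))(,|$)") -or
                  ($san -and $san.Format($false) -match [regex]::Escape("DNS Name=$DnsName"))
        # EKU must include server authentication, otherwise TLS clients reject it
        $ekuOk  = $eku -and @($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid }).Count -gt 0
        $c.HasPrivateKey -and ($c.NotAfter -gt (Get-Date)) -and $nameOk -and $ekuOk
    } | Sort-Object NotAfter -Descending | Select-Object -First 1   # newest matching cert
}

$cert = Get-SslCandidate -DnsName $FederationServiceName
if (-not $cert) { throw "No usable server-auth certificate for $FederationServiceName in Cert:\LocalMachine\My" }

# Verify() builds the chain with online revocation checking. It fails when the Glas CA is not
# in this machine's trusted roots or the Glas CRL cannot be fetched, both of which would also
# break the TLS binding, so stop here rather than bind a certificate clients will reject.
if (-not $cert.Verify()) { throw "Chain or revocation validation failed for $($cert.Thumbprint)" }

Write-Host ("Binding {0} [{1}] as the {2} SSL certificate" -f $cert.Subject, $cert.Thumbprint, $Role)
switch ($Role) {
    "ADFS" {
        Set-AdfsSslCertificate -Thumbprint $cert.Thumbprint
        Get-AdfsSslCertificate                        # shows the HTTP.sys bindings per host name and port
    }
    "WAP" {
        Set-WebApplicationProxySslCertificate -Thumbprint $cert.Thumbprint
        Get-WebApplicationProxySslCertificate
    }
}
```

Set-AdfsSslCertificate changes only the HTTP.sys SSL bindings. The service-communications certificate that ADFS presents to WAP and to federated applications is changed separately with Set-AdfsCertificate -CertificateType Service-Communications; in practice both should be the same Glas-issued certificate, and WAP must trust the Glas CA root for its trust with ADFS to be established.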

5. Issuing a Glas certificate to the PC

Issue a user certificate from Glas to the PC user; the user retrieves and installs it through the Glas UA.


In the Glas RA, register the user for whom the certificate is issued and enable issuance through the UA. Enter the user's attributes and the issuance options and save the settings. The user can then retrieve the certificate from the UA with the Glas ID.

6. Verification on the PC

6.1. Installing the certificate

Open the Glas UA in Internet Explorer, sign in with the Glas ID, and select the certificate issuance menu.


Allow the ActiveX control when prompted; the key pair is generated and the certificate is installed into the user's personal store. Confirm that the certificate has been installed.

6.2. Signing in to Office365 from the browser

In Internet Explorer, open Office365 and enter the user ID. Because the domain is federated, the sign-in is redirected to ADFS.


ADFS requests a client certificate, and Internet Explorer shows the Windows certificate selection dialog. Select the certificate issued by Glas.


The user is signed in to Office365.

6.3. Signing in to Office365 from an Office application

In Excel 2016, choose [Sign in] and enter the Office365 ID.


The sign-in is redirected to ADFS, which requests the client certificate; select the certificate issued by Glas.


After signing in, files on OneDrive / SharePoint Online can be opened from the Office application.

7. Issuing a Glas certificate to the iPhone

Issue a user certificate from Glas to the iPhone user. In the Glas RA, register the user and enable issuance through the UA; in the issuance options, select the iPhone device type. The user then retrieves the certificate from the Glas UA.


In the device settings, select [iPhone/iPad] so that the certificate is delivered to the iPhone/iPad through the UA. Specify the iPhone user, save the settings, and confirm in Glas that the certificate is ready for the iPhone.


8. Verification on the iPhone

8.1. Installing the certificate

Open the Glas UA in Safari on the iPhone, sign in with the ID, and select the certificate issuance menu.


Install the profile delivered by Glas; when prompted, enter the password and complete the installation. Return to the UA, which shows the certificate as issued.


The certificate is now installed on the iPhone and can be confirmed in the installed profiles; the UA shows the issuance as complete.

8.2. OTA enrollment

Glas supports iOS Over The Air (OTA) enrollment, so the certificate is delivered to the iPhone as a configuration profile through the OTA flow rather than as a file to be copied manually.

8.3. Signing in to Office365 (Outlook)

Start Outlook on the iPhone and sign in with the Office365 ID.


Microsoft Authenticator is launched to handle the sign-in and is redirected to ADFS, which requests the client certificate. Select the certificate issued by Glas.


The sign-in to Office365 completes, and OneDrive files can be opened from Outlook. Microsoft Authenticator handles the Azure AD authentication on iOS, so the certificate-based sign-in is shared by the Office applications that use Microsoft Authenticator.


9. Troubleshooting (clearing the CRL cache)

If certificate authentication on ADFS fails with a chain-building error in the AD FS/Admin event log (the excerpt at the end of this document shows ID4070), or a certificate revoked in Glas is still accepted, the CRL cached by Windows Server on the ADFS server may be stale. Clear the cache from an administrator command prompt on the ADFS server:

  certutil -urlcache crl delete
  certutil -setreg chain\ChainCacheResyncFiletime @now
  net stop cryptsvc
  net start cryptsvc
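The flush above followed by a forced re-validation of a user certificate, as an added PowerShell example that is not part of the Glas whitepaper. The exported user certificate .\user.cer is a placeholder, and the script assumes an elevated session on the ADFS server:

```powershell
# Added example (not from the Glas whitepaper): flush the CRL and chain cache on the ADFS
# server after a revocation in Glas, then re-verify a user certificate with a fresh CRL fetch.
# Assumptions: elevated session on the ADFS server; the user certificate to check has been
# exported to .\user.cer (placeholder path).
param([string]$UserCertPath = ".\user.cer")

function Clear-CrlCache {
    # Delete the CRLs cached by URL retrieval (this cache belongs to the calling user's profile)
    certutil -urlcache crl delete | Out-Null
    # Mark the chain engine cache stale as of now so cached chain results are rebuilt.
    # '@now' must be quoted in PowerShell: unquoted, @now is parsed as splatting of a variable $now.
    certutil -setreg chain\ChainCacheResyncFiletime '@now' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certutil -setreg failed (exit code $LASTEXITCODE)" }
    # Restart Cryptographic Services (the whitepaper's net stop / net start cryptsvc)
    Restart-Service cryptsvc
}

function Test-UserCertChain {
    param([string]$Path)
    # -urlfetch retrieves AIA and CDP targets from their URLs instead of trusting the cache
    $out = certutil -verify -urlfetch $Path 2>&1
    $exit = $LASTEXITCODE
    # certutil reports a revoked leaf with CRYPT_E_REVOKED / "certificate is revoked"
    $revoked = [bool]($out | Select-String -Pattern 'CRYPT_E_REVOKED|certificate is revoked' -Quiet)
    [pscustomobject]@{
        Path     = $Path
        ExitCode = $exit
        Revoked  = $revoked
        ChainOk  = ($exit -eq 0 -and -not $revoked)
        Output   = ($out | Out-String)
    }
}

Clear-CrlCache
$result = Test-UserCertChain -Path $UserCertPath
$result | Select-Object Path, ExitCode, Revoked, ChainOk | Format-List
if ($result.Revoked) { Write-Warning "Certificate is revoked; ADFS should now reject it." }
elseif (-not $result.ChainOk) { Write-Warning "Chain building failed; check that the Glas CA root is trusted and the CRL URL is reachable."; $result.Output }
```

The URL cache cleared by certutil -urlcache is per profile, so the delete only affects the account running the command; the ChainCacheResyncFiletime setting is machine-wide and is what forces the ADFS service to rebuild its cached chains after cryptsvc restarts.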

10. Contact

For enquiries about Glas, contact JCCH Security Solution Systems Co., Ltd.
  Tel: 050-3821-2195
  Mail: sales@jcch-sss.com

Reference: AD FS event log entry observed when chain validation of the user certificate fails (excerpt)

  http://schemas.microsoft.com/ws/2006/05/identitymodel/tokens/X509Certificate
  ID4070: X.509 certificate 'DC=JCCH-SSS, DC=COM, CN=testuser2@domainname.local' ... certificateValidationMode '
