
SSO with AppFabric ACS V2


DESCRIPTION

Slides from a seminar held on 2011/3/11. They explain in detail the architecture and the build procedure for a single sign-on environment that uses AppFabric ACS V2. The seminar was interrupted by the earthquake, but it is scheduled to be held again.


1. Windows Azure Platform
Windows Azure AppFabric Access Control Service V2
Version 1.0, 2011/3/11
http://blogs.technet.com/junichia/
Twitter @junichia

2.
13:30 - 16:30 Windows Azure AppFabric ACS V2
16:45 - 17:30 ID MVP
17:30 - 18:00
18:00 - 19:00
3. Cloud TechCenter
http://technet.microsoft.com/ja-jp/cloud/
4. Windows Azure AppFabric ACS V2 2011
5. AppFabric Access Control Service
Windows Azure AppFabric ACS V2
Windows Azure AppFabric ACS

6. Agenda
Identity
Windows Azure AppFabric ACS
AppFabric ACS
Identity Provider
AD FS 2.0
7. Windows Live ID
8. Google
9. Facebook


10.
11.
12. LED
13.
14.
15.
16.
17.
18.
19.
20. Secure Cloud Federation
21. Secure Cloud Federation
SQL Azure Data Sync
AppFabric Service Bus
AD FS 2.0 & AppFabric ACS
Windows Azure Connect
22. Identity
23. ID, Identity
24. ID, Identity
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41. ID
42. STS (Security Token Service)
43. Identity SSO
44. Token, Security Token, Users, ID
45. Identity
IdP/CP, RP/SP
46. STS
47. RP/SP, CP/IdP, Security Token
IdP: Identity Provider
CP: Claim Provider
RP: Relying Party
SP: Service Provider
48. Windows Azure AppFabric Access Control Service
49. Google, Windows Live, Facebook, OpenID
50. SQL Azure DB, Anonymous, WELCOME!, Windows Azure Connect, AD FS 2.0, Active Directory Domain
51. SQL Azure DB, Anonymous, WELCOME!, Windows Azure Connect, AD FS 2.0, Active Directory Domain
52. STS: AppFabric ACS V2 as IdP (Google, Windows Live, Facebook, OpenID)
53. Windows Azure AppFabric Access Control Service
STS
Identity Provider
OAuth WRAP 2.0
54. WS-Federation
55. WS-Trust
56. OAuth 2.0 (Draft 10)
57. OpenID 2.0
Simple Web Token (SWT)
58. SAML 1.1/2.0
Identity Provider (Passive)
Windows Live ID / Google / Facebook / Yahoo!(.com) / OpenID
59. Active Directory Federation Service 2.0
60. Windows Azure AppFabric Access Control Service V1
REST Web
61. Windows Azure AppFabric Access Control Service V1
Relying Party
AppFabric Access Control Service STS
REST
SAML 1.1/2.0 or SWT
62. ACS V1 AD SSO (ACS Passive SSO)
ACS, WRAP, REST Service, WS-Trust, AD DS, AD FS 2.0 (steps 1-10)
63.
AD FS 2.0
AD DS
AD FS 2.0 SAML 1.1
ACS
ACS SAML 1.1
SWT
SWT ACS
HTTP Authorization SWT REST POST
REST SWT

64. AppFabric ACS V2
Management Portal
AppFabric ACS Management Service
Windows Azure AppFabric ACS
Protocol / Identity Provider / Token:
WS-Federation (Passive, WS-Fed STS): AD FS 2.0, SAML/SWT
WEB: Google, Yahoo!, SAML/SWT
OAuth 2.0: Facebook, SAML/SWT
OpenID 2.0: OpenID, SAML/SWT
Live ID: Windows Live ID
Active (SOAP Web, WS-Trust): WS-Trust, SAML/SWT
REST Web (OAuth/WRAP 2.0): SWT
65.
66. IdP SSO
AppFabric ACS V2, Web, AD FS 2.0
67.
AppFabric ACS V2, Web, AD FS 2.0
68. AppFabric ACS
Namespace
AppFabric ACS V2
https://portal.appfabriclabs.com/Default.aspx
69. Namespace
Windows Azure AppFabric
70. Namespace
Windows Azure AppFabric Labs Subscription
Namespace: AppFabric ACS WEB
https://acstestsite.accesscontrol.appfabriclabs.com/
Active
71. AppFabric
72. AppFabric ACS
Azure
Identity Provider
ACS Active ID
ID
AppFabric ACS
ID
URL
73. AppFabric ACS
Identity Provider
Windows Azure
AppFabric ACS V2
74. Windows Azure
Windows Azure AppFabric ACS V2
75. Windows Azure
76.
77. Windows Azure
http://windows.azure.com/
78. URL
79. OS
80. Windows Azure
http://blogs.technet.com/b/junichia/archive/2010/09/02/3353275.aspx
.cer: API (SMAPI), X.509 V3 .CER, 2048 bit
.pfx: SSL, thumbprint
81. SSL
SMAPI (REST), Storage Node, Compute Node (Guest / Root), SAK, FA, GA, Hypervisor, Fabric Controller (FC), PKCS12, Microsoft CA
82. [FAQ] Subject
http://blogs.technet.com/b/junichia/archive/2010/09/03/3353536.aspx
Windows Azure FQDN: xxxxxxxx.cloudapp.net
CNAME
83.
.cer: import
tf20110311.cloudapp.net: .pfx import
xxxx.cloudapp.net: .pfx import
yyyy.cloudapp.net: .pfx import
84. .NET Framework SDK
makecert.exe
85. pvk2pfx.exe
makecert: .CER + .PVK
pvk2pfx: .PFX
86. Visual Studio command prompt
[]-[]-[Microsoft Visual Studio 2010]-[Visual Studio Tools]-[Visual Studio ]
makecert: .cer, .pvk
pvk2pfx: .pvk + .cer -> .pfx
.cer, .pfx -> Windows Azure
makecert -r -pe -n "CN=tf20110311.cloudapp.net" -sky exchange -sv "tf20110311.cloudapp.net.pvk" "tf20110311.cloudapp.net.cer"
pvk2pfx -pvk "tf20110311.cloudapp.net.pvk" -spc "tf20110311.cloudapp.net.cer" -pfx "tf20110311.cloudapp.net.pfx" -pi <password>
87. .cer
88. Windows Azure
89.
90. Windows Azure
91. Windows Azure
92. Identity
93.
94. Single Sign-On/Off
Windows Live (1), Google (2)
95. Windows Azure
96. STS
97.
STS, Windows Live (1), Google (2)
98.
AppFabric ACS
99.
WIF
AppFabric ACS
Windows Azure AppFabric ACS WIF
STS, Windows Live, WEB
WIF: Windows Identity Foundation
100. Windows Azure /
101. Windows Azure WIF
WIF (Windows Identity Foundation)
WIF WS-Federation/WS-Trust
OK
ASP.NET
AppFabric ACS
Windows Identity Foundation
.NET Framework 4
102. Windows Azure
Microsoft.IdentityModel.Claims
http://msdn.microsoft.com/ja-jp/library/microsoft.identitymodel.claims.aspx
Claims
Claim: ClaimType, Value, Issuer, OriginalIssuer, ValueType, Subject
103. Windows Azure
Windows 7 + Visual Studio 2010
Windows Azure Tools for Microsoft Visual Studio 1.4 (2011/3)
VSCloudService.exe
VSCloudService.VS100.ja-jp.msi
Windows Azure SDK 1.4
Windows Identity Foundation 3.5 (KB974405)
Windows6.1-KB974405-x64j.msu
Windows Identity Foundation 3.5 SDK
WindowsIdentityFoundation-SDK-3.5.msi
Windows Identity Foundation 4.0 SDK
WindowsIdentityFoundation-SDK-4.0.msi
Microsoft CAPICOM 2.1.0.2 SDK
104. WIF
%ProgramFiles(x86)%\Windows Identity Foundation SDK\v4.0\Visual Studio Extensions\10.0
csClaimsAwareASPNETSite.zip
csClaimsAwareWCFSite.zip
csSTSASPNETSite.zip
csSTSWCFSite.zip
Visual Studio 2010\Templates\Project Templates\Visual C#
WIF
105. Windows Azure VS
OR
106. Windows Azure
107. Windows Azure
Web
Windows Azure Platform
http://technet.microsoft.com/ja-jp/cloud/gg236628.aspx
108. Windows Azure Windows Identity Foundation
.NET Microsoft.IdentityModel
109. Windows Azure Microsoft.IdentityModel
Windows Azure Windows Server WIF
Microsoft.IdentityModel Azure
Microsoft.IdentityModel
110. Windows Azure SSL
SSL Thumbprint
Visual Studio
111. Windows Azure SSL
112. Windows Azure SSL
Thumbprint
HTTPS/443
113. Windows Azure STS
Azure URL
114. Windows Azure STS
AppFabric ACS V2
Windows Azure
AppFabric ACS V2
AD FS 2.0
115. Windows Azure STS
AppFabric ACS V2
116. Windows Azure STS
117. Windows Azure Web.config
118. Windows Azure Web.config
Azure Thumbprint