junichi-anno
DESCRIPTION
Materials from the seminar held on 2011/3/11. They explain in detail the architecture and the build procedure for a single sign-on environment based on AppFabric ACS V2. The seminar was interrupted by the earthquake and is scheduled to be held again.
2. Timetable
13:30 - 16:30  Windows Azure AppFabric ACS V2
16:45 - 17:30  ID MVP
17:30 - 18:00
18:00 - 19:00
3. Cloud TechCenter
http://technet.microsoft.com/ja-jp/cloud/
4. Windows Azure AppFabric ACS V2 (2011)
5. (1) AppFabric Access Control Service: Windows Azure AppFabric ACS V2
6. Agenda
- Identity
- Windows Azure AppFabric ACS
- AppFabric ACS
- Identity Provider
21. Secure Cloud Federation
- SQL Azure Data Sync
- AppFabric Service Bus
- AD FS 2.0 & AppFabric ACS
- Windows Azure Connect
22. Identity
23. ID / Identity
24. ID / Identity
41. ID
42. STS (Security Token Service) [figure: one STS with parties labelled 1, 2, ..., n]
43. Identity SSO [figure: users, security token, IDs]
45. Identity [figure: a security token flows between the CP/IdP and the RP/SP]
Abbreviations:
- IdP: Identity Provider
- CP: Claim Provider
- RP: Relying Party
- SP: Service Provider
48. Windows Azure AppFabric Access Control Service
49. Supported identity providers: Google, Windows Live, Facebook, OpenID
50. [figure: SQL Azure DB; anonymous access ("WELCOME!"); Windows Azure Connect; AD FS 2.0; Active Directory domain]
51. [figure: same components as slide 50]
52. STS: AppFabric ACS V2 acts as the STS in front of the identity providers Google, Windows Live, Facebook and OpenID
53. Windows Azure AppFabric Access Control Service: STS, Identity Provider, Identity Provider (passive) [table residue: remaining cells read "V2"]
60. Windows Azure AppFabric Access Control Service V1: for REST web services
61. Windows Azure AppFabric Access Control Service V1 [figure: Relying Party; AppFabric STS (Access Control Service); input via REST or SAML 1.1/2.0, output SWT]
62. ACS V1 with AD SSO [figure: steps 1-10 between AD DS, AD FS 2.0 (WS-Trust), ACS (WRAP, passive SSO) and the REST service]
63. Flow
1. AD FS 2.0 authenticates the user against AD DS.
2. AD FS 2.0 issues a SAML 1.1 token.
3. The SAML 1.1 token is presented to ACS.
4. ACS validates the SAML 1.1 token and issues an SWT.
5. The SWT is sent in the HTTP Authorization header of the REST POST.
6. The REST service validates the SWT.
64. AppFabric ACS V2
Components: Management Portal, AppFabric ACS Management Service, Windows Azure AppFabric ACS.

Identity provider / client        Protocol into ACS          Token issued
AD FS 2.0 (WS-Fed STS)            WS-Federation (passive)    SAML/SWT
Google, Yahoo! (web)              -                          SAML/SWT
Facebook                          OAuth 2.0                  SAML/SWT
OpenID                            OpenID 2.0                 SAML/SWT
Windows Live ID                   Live ID                    SAML/SWT
Active clients (SOAP web services) WS-Trust                  SAML/SWT
REST web services                 OAuth/WRAP 2.0             SWT
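The last step of the flow on slide 63 (the REST service validates the SWT) and the REST/SWT row of the table above are the part an application author has to write. The following is an added example, not code from the seminar deck or from ACS: it issues an SWT the way ACS does (form-encoded fields, HMAC-SHA256 with the relying party's 256-bit symmetric key appended as the last field) and validates it the way the REST service must, checking the signature before parsing anything, then Issuer, Audience and ExpiresOn. The key, the claim value and the use of the labs namespace and FQDN from the deck as issuer and audience are constructed sample values.

```python
# Added example (not from the seminar deck): how the REST service at the end
# of the ACS flow checks the SWT it receives.  ACS signs the SWT with the
# symmetric key registered for the relying party; the service holds the same
# key.  Key, issuer, audience and claims below are constructed sample values.
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, quote, unquote, urlencode

SIG_FIELD = "HMACSHA256"
RESERVED = ("Issuer", "Audience", "ExpiresOn")

# Constructed sample values (namespace and FQDN follow the deck).
DEMO_KEY_B64 = base64.b64encode(b"0123456789abcdef0123456789abcdef").decode("ascii")
ISSUER = "https://acstestsite.accesscontrol.appfabriclabs.com/"
AUDIENCE = "https://tf20110311.cloudapp.net/"
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"


def _mac(key_b64, data):
    return hmac.new(base64.b64decode(key_b64), data.encode("utf-8"), hashlib.sha256).digest()


def issue_swt(key_b64, issuer, audience, claims, lifetime=600, now=None):
    """Build an SWT: form-encoded claims plus Issuer/Audience/ExpiresOn,
    then HMAC-SHA256 over that string appended as the final field."""
    now = int(time.time()) if now is None else now
    fields = list(claims.items()) + [
        ("Issuer", issuer),
        ("Audience", audience),
        ("ExpiresOn", str(now + lifetime)),
    ]
    unsigned = urlencode(fields)
    sig = base64.b64encode(_mac(key_b64, unsigned)).decode("ascii")
    return unsigned + "&" + SIG_FIELD + "=" + quote(sig, safe="")


def validate_swt(token, key_b64, expected_issuer, expected_audience, now=None):
    """Relying-party check.  The signature is verified before any field is
    parsed, so untrusted content never steers the decision.
    Returns (claims, "ok") or (None, reason)."""
    now = int(time.time()) if now is None else now
    marker = "&" + SIG_FIELD + "="
    cut = token.rfind(marker)
    if cut < 0:
        return None, "missing signature"
    unsigned, presented_enc = token[:cut], token[cut + len(marker):]
    try:
        presented = base64.b64decode(unquote(presented_enc), validate=True)
    except ValueError:
        return None, "malformed signature"
    if not hmac.compare_digest(_mac(key_b64, unsigned), presented):
        return None, "bad signature"
    fields = dict(parse_qsl(unsigned, keep_blank_values=True))
    if fields.get("Issuer") != expected_issuer:
        return None, "untrusted issuer"
    if fields.get("Audience") != expected_audience:
        return None, "wrong audience"
    try:
        expires_on = int(fields.get("ExpiresOn", ""))
    except ValueError:
        return None, "missing or malformed ExpiresOn"
    if expires_on <= now:
        return None, "expired"
    return {k: v for k, v in fields.items() if k not in RESERVED}, "ok"


def token_from_authorization_header(value):
    """Pull the SWT out of 'Authorization: WRAP access_token="..."'."""
    scheme, _, rest = value.partition(" ")
    if scheme != "WRAP":
        return None
    rest = rest.strip()
    if not (rest.startswith('access_token="') and rest.endswith('"')):
        return None
    return rest[len('access_token="'):-1]


if __name__ == "__main__":
    tok = issue_swt(DEMO_KEY_B64, ISSUER, AUDIENCE, {NAME_CLAIM: "alice"})
    header = 'WRAP access_token="%s"' % tok
    print(validate_swt(token_from_authorization_header(header), DEMO_KEY_B64, ISSUER, AUDIENCE))
```

Checking the audience is what stops an SWT issued for one relying party from being replayed against another service in the same namespace; checking the issuer matters because several namespaces can share the same key name. Keep the HMAC key out of Web.config in plain text where possible, and rotate it from the ACS management portal when it leaks.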
66. IdP SSO [figure: AppFabric ACS V2, web application, AD FS 2.0]
67. / 11 [figure: AppFabric ACS V2, web application, AD FS 2.0]
68. AppFabric ACS: create a Namespace
AppFabric ACS V2 (Labs) portal: https://portal.appfabriclabs.com/Default.aspx
69. Namespace: Windows Azure AppFabric
70. Namespace: requires a Windows Azure AppFabric Labs subscription. The namespace name becomes the host part of the AppFabric ACS web endpoint, e.g. https://acstestsite.accesscontrol.appfabriclabs.com/ ; the namespace must show the status Active before it can be used.
71. AppFabric
72. AppFabric ACS [slide residue: Azure, Identity Provider, ACS Active ID, ID, AppFabric ACS, ID, URL]
73. AppFabric ACS: Identity Provider (Windows Azure AppFabric ACS V2)
74. Windows Azure and Windows Azure AppFabric ACS V2
75. Windows Azure management portal: http://windows.azure.com/
78. URL
79. OS
80. Windows Azure certificates (see http://blogs.technet.com/b/junichia/archive/2010/09/02/3353275.aspx)
- .cer: management certificate for the Service Management API (SMAPI); X.509 v3, 2048-bit
- .pfx: service certificate used for SSL; referenced by its thumbprint
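The thumbprint is what the portal, the role's Certificates page in Visual Studio and the WIF Web.config use to name the .pfx, and a mismatch (most often from pasting the value out of the Windows certificate dialog, which copies an invisible U+200E mark and spaces along with the hex) is a common reason the SSL endpoint or token validation fails after deployment. The following is an added example, not code from the seminar deck: it computes the thumbprint the way Windows Azure does (SHA-1 over the DER encoding, upper-case hex), accepts either a binary .cer or a Base64-armoured certificate, and normalizes a pasted value before comparing. The DER bytes used for the demonstration are constructed and stand in for a real certificate file.

```python
# Added example (not from the deck): compute and compare X.509 thumbprints in
# the form Windows Azure and the WIF Web.config expect.  DEMO_DER is
# constructed stand-in data, not a real certificate.
import base64
import hashlib
import re

# Noise that rides along when a thumbprint is copied from the Windows
# certificate dialog: spaces/colons between byte pairs and U+200E/U+200F marks.
_NOISE = re.compile(r"[\s:\u200e\u200f]")
_SHA1_HEX = re.compile(r"[0-9A-F]{40}")


def der_from_cert_bytes(data):
    """Accept a binary DER .cer or a Base64 (PEM-armoured) certificate."""
    if data.lstrip().startswith(b"-----BEGIN"):
        body = b"".join(
            line.strip() for line in data.splitlines() if not line.startswith(b"-----")
        )
        return base64.b64decode(body, validate=True)
    return data


def thumbprint(cert_bytes):
    """Azure's thumbprint is SHA-1 over the DER encoding, upper-case hex."""
    return hashlib.sha1(der_from_cert_bytes(cert_bytes)).hexdigest().upper()


def normalize_thumbprint(text):
    """Strip whitespace, colons and LRM/RLM marks; None unless 40 hex digits remain."""
    cleaned = _NOISE.sub("", text).upper()
    return cleaned if _SHA1_HEX.fullmatch(cleaned) else None


def thumbprint_matches(configured, cert_bytes):
    """True when the value in Web.config or on the role's Certificates page
    really names this certificate."""
    wanted = normalize_thumbprint(configured)
    return wanted is not None and wanted == thumbprint(cert_bytes)


def pem_from_der(der):
    """Base64-armour DER bytes (the export format the portal also accepts)."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return b"-----BEGIN CERTIFICATE-----\n" + b"\n".join(lines) + b"\n-----END CERTIFICATE-----\n"


# Constructed stand-in for a DER certificate; read a real .cer here instead.
DEMO_DER = b"\x30\x82\x01\x00" + bytes(range(256))

if __name__ == "__main__":
    tp = thumbprint(DEMO_DER)
    pasted = "\u200e" + " ".join(tp[i:i + 2] for i in range(0, 40, 2)).lower()
    print(tp, thumbprint_matches(pasted, DEMO_DER))
```

Run it against the .cer produced by makecert on slide 86 and compare the result with what the portal shows after upload; paste that normalized value, not the dialog's text, into Web.config.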
81. SSL and SMAPI certificates in the Windows Azure fabric [figure labels: SSL, SMAPI, REST, Storage Node, Compute Node, Guest, Root, SAK, FA, GA, Hypervisor, Fabric Controller (FC), PKCS12, Microsoft CA]
82. [FAQ] Certificate Subject (http://blogs.technet.com/b/junichia/archive/2010/09/03/3353536.aspx)
The certificate subject must match the Windows Azure FQDN, xxxxxxxx.cloudapp.net, or the custom host name that is CNAMEd to xxxxxxxx.cloudapp.net.
83. Certificate uploads
- .cer (management certificate, for the subscription): import
- tf20110311.cloudapp.net: .pfx (service certificate): import
- xxxx.cloudapp.net: .pfx (service certificate): import
- yyyy.cloudapp.net: .pfx (service certificate): import
84. Creating the certificates with the .NET Framework SDK tools
- makecert: creates the .CER (certificate) and the .PVK (private key)
- pvk2pfx: combines the .PVK and .CER into a .PFX
86. Open the Visual Studio Command Prompt: [Start]-[All Programs]-[Microsoft Visual Studio 2010]-[Visual Studio Tools]-[Visual Studio Command Prompt].
1. Create the .cer and .pvk with makecert.
2. Combine the .pvk and .cer into a .pfx with pvk2pfx.
3. Upload the .cer and the .pfx to Windows Azure.

rem self-signed, exportable private key, 2048-bit (slide 80), subject = service FQDN
makecert -r -pe -len 2048 -n "CN=tf20110311.cloudapp.net" -sky exchange -sv "tf20110311.cloudapp.net.pvk" "tf20110311.cloudapp.net.cer"
rem <password> stands for the .pfx password, which the slide does not show
pvk2pfx -pvk "tf20110311.cloudapp.net.pvk" -spc "tf20110311.cloudapp.net.cer" -pfx "tf20110311.cloudapp.net.pfx" -pi <password>
87. Upload the .cer
88. Windows Azure
90. Windows Azure
91. Windows Azure [figure: identity providers 1 Windows Live, 2 Google]
95. Windows Azure [figure: STS; identity providers 1 Windows Live and 2 Google, each behind its own STS]
98. WIF and AppFabric ACS: Windows Azure AppFabric ACS with WIF [figure: STS, Windows Live, web application]
WIF = Windows Identity Foundation
100. Windows Azure /
101. Windows Azure and WIF
WIF (Windows Identity Foundation) implements WS-Federation and WS-Trust, so an ASP.NET application can accept tokens from AppFabric ACS without protocol code of its own. Windows Identity Foundation runs on .NET Framework 4.
102. Windows Azure: the claim model (Microsoft.IdentityModel.Claims)
http://msdn.microsoft.com/ja-jp/library/microsoft.identitymodel.claims.aspx
A Claim carries:
- ClaimType: the kind of claim (a URI)
- Value: the claim value
- ValueType: the data type of the value
- Issuer: the STS that issued this claim (ACS, when ACS re-issued it)
- OriginalIssuer: the identity provider the claim originally came from
- Subject: the identity the claim belongs to
103. Windows Azure development environment
- Windows 7 + Visual Studio 2010
- Windows Azure Tools for Microsoft Visual Studio 1.4 (March 2011): VSCloudService.exe / VSCloudService.VS100.ja-jp.msi
- Windows Azure SDK 1.4
- Windows Identity Foundation 3.5 runtime (KB974405): Windows6.1-KB974405-x64j.msu
- Windows Identity Foundation 3.5 SDK: WindowsIdentityFoundation-SDK-3.5.msi
- Windows Identity Foundation 4.0 SDK: WindowsIdentityFoundation-SDK-4.0.msi
- Microsoft CAPICOM 2.1.0.2 SDK
104. WIF project templates
Source: %ProgramFiles(x86)%\Windows Identity Foundation SDK\v4.0\Visual Studio Extensions\10.0\
- csClaimsAwareASPNETSite.zip
- csClaimsAwareWCFSite.zip
- csSTSASPNETSite.zip
- csSTSWCFSite.zip
Destination: ...\Visual Studio 2010\Templates\Project Templates\Visual C#\WIF
105. Windows Azure: Visual Studio (OR)
106. Windows Azure
107. Windows Azure web role; Windows Azure Platform: http://technet.microsoft.com/ja-jp/cloud/gg236628.aspx
108. Windows Azure and Windows Identity Foundation: reference the .NET assembly Microsoft.IdentityModel
109. Windows Azure and Microsoft.IdentityModel: the Windows Server guest OS in Windows Azure does not have WIF installed, so Microsoft.IdentityModel.dll must be deployed with the role (set the reference to Copy Local) rather than expected on the machine.
110. Windows Azure SSL: enter the SSL certificate thumbprint in Visual Studio (role properties)
111. Windows Azure SSL
112. Windows Azure SSL: the thumbprint is bound to the HTTPS/443 endpoint
113. Windows Azure STS: the Azure application URL
114. Windows Azure STS: AppFabric ACS V2 [figure: Windows Azure, AppFabric ACS V2, AD FS 2.0]
115. Windows Azure STS: AppFabric ACS V2
116. Windows Azure STS
117. Windows Azure Web.config
118. Windows Azure Web.config: the Azure service-certificate thumbprint
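The Web.config slides are where the namespace, realm and thumbprints from the earlier steps come together. The following is an added example, not a file from the seminar deck: a WIF 3.5 configuration for an ASP.NET web role that trusts the labs namespace from slide 70 and uses the FQDN from slide 86 as its realm. The two thumbprint values are placeholders (all zeros for the ACS token-signing certificate, all ones for the uploaded .pfx); both must be replaced with the real, normalized values.

```xml
<configuration>
  <configSections>
    <section name="microsoft.identityModel"
             type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>

  <system.web>
    <!-- WIF performs authentication; unauthenticated requests are redirected to ACS. -->
    <authentication mode="None" />
    <authorization>
      <deny users="?" />
    </authorization>
    <httpModules>
      <add name="WSFederationAuthenticationModule"
           type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <add name="SessionAuthenticationModule"
           type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </httpModules>
  </system.web>

  <microsoft.identityModel>
    <service>
      <!-- Realm of this web role; tokens issued for any other audience are rejected. -->
      <audienceUris>
        <add value="https://tf20110311.cloudapp.net/" />
      </audienceUris>
      <federatedAuthentication>
        <wsFederation passiveRedirectEnabled="true"
                      issuer="https://acstestsite.accesscontrol.appfabriclabs.com/v2/wsfederation"
                      realm="https://tf20110311.cloudapp.net/"
                      requireHttps="true" />
        <cookieHandler requireSsl="true" />
      </federatedAuthentication>
      <!-- The ACS namespace signs with a self-signed certificate, so chain
           validation cannot succeed; trust is pinned to its thumbprint below. -->
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <!-- Placeholder: thumbprint of the ACS token-signing certificate. -->
          <add thumbprint="0000000000000000000000000000000000000000"
               name="https://acstestsite.accesscontrol.appfabriclabs.com/" />
        </trustedIssuers>
      </issuerNameRegistry>
      <!-- Placeholder: thumbprint of the .pfx uploaded to the hosted service;
           it must match the value on the role's Certificates page (slide 110). -->
      <serviceCertificate>
        <certificateReference x509FindType="FindByThumbprint"
                              findValue="1111111111111111111111111111111111111111"
                              storeLocation="LocalMachine"
                              storeName="My" />
      </serviceCertificate>
    </service>
  </microsoft.identityModel>
</configuration>
```

Pinning the issuer by thumbprint is what makes certificateValidationMode="None" acceptable here: a token signed by any other certificate, including one from another ACS namespace, fails the issuerNameRegistry lookup. When the web role runs with more than one instance, also replace WIF's default DPAPI session-cookie protection with RsaEncryptionCookieTransform keyed by this service certificate, since DPAPI keys are per machine and a cookie written by one instance would be unreadable on the next.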