{"id":1717,"date":"2023-07-26T15:30:14","date_gmt":"2023-07-26T06:30:14","guid":{"rendered":"https:\/\/tech.at-iroha.jp\/?p=1717"},"modified":"2023-07-26T18:08:52","modified_gmt":"2023-07-26T09:08:52","slug":"simplesamlphp%e3%82%92%e7%94%a8%e3%81%84%e3%81%9fsaml%e3%81%ae%e6%a4%9c%e8%a8%bc%e7%92%b0%e5%a2%83%e3%81%ae%e6%a7%8b%e7%af%89","status":"publish","type":"post","link":"https:\/\/tech.at-iroha.jp\/?p=1717","title":{"rendered":"SimpleSAMLphp\u3092\u7528\u3044\u305fSAML\u306e\u691c\u8a3c\u74b0\u5883\u306e\u69cb\u7bc9"},"content":{"rendered":"\n

\u6700\u8fd1\u4ed5\u4e8b\u3067SAML\u306e\u691c\u8a3c\u74b0\u5883\u306e\u69cb\u7bc9\u3092\u3059\u308b\u6a5f\u4f1a\u304c\u3042\u3063\u305f\u306e\u3067\u3001\u305d\u306e\u624b\u9806\u3092\u307e\u3068\u3081\u3066\u307f\u307e\u3057\u305f\u3002<\/p>\n\n\n\n

SAML\uff08Security Assertion Markup Language\uff09\u3068\u306f\u3001\u4e3b\u306b\u30b7\u30f3\u30b0\u30eb\u30b5\u30a4\u30f3\u30aa\u30f3\u7b49\u3092\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306bXML\u3092\u30d9\u30fc\u30b9\u306b\u7b56\u5b9a\u3055\u308c\u305f\u6a19\u6e96\u30d7\u30ed\u30c8\u30b3\u30eb\u3067\u3059\u3002<\/p>\n\n\n\n

SAML\u306f\u30a2\u30b5\u30fc\u30b7\u30e7\u30f3\u3001\u30d7\u30ed\u30c8\u30b3\u30eb\u3001\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u306e3\u3064\u3067\u69cb\u6210\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u30a2\u30b5\u30fc\u30b7\u30e7\u30f3\u3068\u306f\u30e6\u30fc\u30b6\u306e\u8a8d\u8a3c\u60c5\u5831\u3001\u5c5e\u6027\u3001\u6a29\u9650\u3068\u3044\u3063\u305f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u60c5\u5831\u3092XML\u3067\u8a18\u8ff0\u3057\u305f\u3082\u306e\u3067\u3001\u30d7\u30ed\u30c8\u30b3\u30eb\u306f\u30a2\u30b5\u30fc\u30b7\u30e7\u30f3\u3092\u8ee2\u9001\u3059\u308b\u305f\u3081\u306e\u898f\u5247\u3067\u3042\u308a\u3001\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u306fSAML\u30d7\u30ed\u30c8\u30b3\u30eb\u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u6a19\u6e96\u7684\u306a\u8ee2\u9001\u30d7\u30ed\u30c8\u30b3\u30eb\uff08HTTP\u306a\u3069\uff09\u306b\u30de\u30c3\u30d4\u30f3\u30b0\u3059\u308b\u65b9\u6cd5\u3068\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n

\u30b7\u30f3\u30b0\u30eb\u30b5\u30a4\u30f3\u30aa\u30f3\u3067\u4f7f\u7528\u3059\u308b\u5834\u5408\u3001\u30e6\u30fc\u30b6\u306e\u8a8d\u8a3c\u60c5\u5831\u3092\u63d0\u4f9b\u3059\u308b\u5074\u3092Idp\uff08identity provider\uff09\u3068\u547c\u3073\u3001\u8a8d\u8a3c\u60c5\u5831\u3092\u5229\u7528\u3059\u308b\u5074\u3092SP\uff08service provider\uff09\u3068\u547c\u3073\u307e\u3059\u3002<\/p>\n\n\n\n

\u4eca\u56de\u306f SimpleSAMLphp \u3092\u7528\u3044\u3066\u691c\u8a3c\u74b0\u5883\u306e\u69cb\u7bc9\u3092\u884c\u3044\u307e\u3057\u305f\u3002<\/p>\n\n\n\n

\u691c\u8a3c\u74b0\u5883\u306e\u69cb\u7bc9<\/h2>\n\n\n\n

\u524d\u63d0\u6761\u4ef6\u3068\u3057\u3066\u3001\u30ed\u30fc\u30ab\u30eb\u306ePC\u306bApache\u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3001SSL\u901a\u4fe1\u53ef\u80fd\u306a\u72b6\u614b\u3067\u4f5c\u696d\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n

1. \u307e\u305a\u306f\u4ee5\u4e0b\u306e\u516c\u5f0f\u30b5\u30a4\u30c8\u304b\u3089SimpleSAMLphp\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3092\u884c\u3044\u89e3\u51cd\u3057\u307e\u3059\u3002
https:\/\/simplesamlphp.org\/download\/<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

2. \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u540d\u3092 simplesaml \u306b\u5909\u66f4\u3057\u3001Apache \u306e\u516c\u958b\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\uff08htdocs\uff09\u306b\u914d\u7f6e\u3057\u307e\u3059\u3002<\/p>\n\n\n\n

3. simplesaml\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u3001\u4ee5\u4e0b\u306e\u5185\u5bb9\u306e .htaccess \u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n

<IfModule mod_rewrite.c>\n    RewriteEngine on\n    RewriteBase \/simplesaml\n    RewriteCond %{REQUEST_FILENAME} !-f\n    RewriteCond %{REQUEST_FILENAME} !-d\n    RewriteRule ^(.*)$ public\/$1 [L]\n<\/IfModule><\/code><\/pre>\n\n\n\n
4. config \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u306e\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
authsources.php.dist \u2192 authsources.php
config.php.dist \u2192 config.php<\/p>\n\n\n\n
5. \u4ee5\u4e0b\u306e\u30bf\u30fc\u30df\u30ca\u30eb\u3092\u8d77\u52d5\u3057\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5165\u529b\u3057\u3001\u516c\u958b\u9375\u3068\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30ad\u30fc\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -subj \"\/C=JP\/ST=SAITAMA\/CN=xxx.jp\" -out \/htdocs\/simplesaml\/cert\/xxx.jp.crt -keyout \/htdocs\/simplesaml\/cert\/xxx.jp.key<\/code><\/pre>\n\n\n\n
6. config\/config.php \u3092\u958b\u304d\u3001\u4ee5\u4e0b\u306e\u7b87\u6240\u3092\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
technicalcontact_email<\/td>\u81ea\u8eab\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306b\u5909\u66f4<\/td><\/tr>
secretsalt<\/td>\u30e9\u30f3\u30c0\u30e0\u306a\u82f1\u6570\u5b57\u306b\u5909\u66f4<\/td><\/tr>
auth.adminpassword<\/td>\u72ec\u81ea\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u306b\u5909\u66f4<\/td><\/tr>
enable.saml20-idp<\/td>true \u306b\u5909\u66f4<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
7. config\/authsources.php \u3092\u958b\u304d\u3001entityID \u3092\u72ec\u81ea\u306e\u30c9\u30e1\u30a4\u30f3\u306b\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
8. metadata \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u306e\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
$metadata[‘urn:x-simplesamlphp:example-idp’]<\/td>\u72ec\u81ea\u306e\u540d\u524d\u306b\u5909\u66f4<\/td><\/tr>
privatekey<\/td>\u4f5c\u6210\u3057\u305f\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30ad\u30fc\u306e\u30d5\u30a1\u30a4\u30eb\u540d\u306b\u5909\u66f4<\/td><\/tr>
certificate<\/td>\u4f5c\u6210\u3057\u305f\u8a3c\u660e\u66f8\u306e\u30d5\u30a1\u30a4\u30eb\u540d\u306b\u5909\u66f4<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
9. \u30d6\u30e9\u30a6\u30b6\u3067 \/simplesaml \u306b\u30a2\u30af\u30bb\u30b9\u3057\u3001auth.adminpassword \u3067\u8a2d\u5b9a\u3057\u305f\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3001\u30ed\u30b0\u30a4\u30f3\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\u4ee5\u4e0b\u306e\u901a\u308a\u3001\u753b\u9762\u304c\u8868\u793a\u3055\u308c\u308c\u3070\u5b8c\u4e86\u3067\u3059\u3002<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
\u6700\u8fd1\u4ed5\u4e8b\u3067SAML\u306e\u691c\u8a3c\u74b0\u5883\u306e\u69cb\u7bc9\u3092\u3059\u308b\u6a5f\u4f1a\u304c\u3042\u3063\u305f\u306e\u3067\u3001\u305d\u306e\u624b\u9806\u3092\u307e\u3068\u3081\u3066\u307f\u307e\u3057\u305f\u3002 SAML\uff08Security Assertion Markup Language\uff09\u3068\u306f\u3001\u4e3b\u306b\u30b7\u30f3\u30b0\u30eb\u30b5\u30a4\u30f3\u30aa\u30f3\u7b49\u3092\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306bXML […]<\/p>\n","protected":false},"author":1,"featured_media":1718,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1717","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-unclassified"],"_links":{"self":[{"href":"https:\/\/tech.at-iroha.jp\/index.php?rest_route=\/wp\/v2\/posts\/1717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tech.at-iroha.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech.at-iroha.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech.at-iroha.jp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tech.at-iroha.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1717"}],"version-history":[{"count":7,"href":"https:\/\/tech.at-iroha.jp\/index.php?rest_route=\/wp\/v2\/posts\/1717\/revisions"}],"predecessor-version":[{"id":1728,"href":"https:\/\/tech.at-iroha.jp\/index.php?rest_route=\/wp\/v2\/posts\/1717\/revisions\/1728"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tech.at-iroha.jp\/index.php?rest_route=\/wp\/v2\/media\/1718"}],"wp:attachment":[{"href":"https:\/\/tech.at-iroha.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech.at-iroha.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech.at-iroha.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}