{"id":21028,"date":"2023-06-08T15:49:59","date_gmt":"2023-06-08T06:49:59","guid":{"rendered":"https:\/\/www.mubit.co.jp\/pb-blog\/?p=21028"},"modified":"2023-11-17T14:50:04","modified_gmt":"2023-11-17T05:50:04","slug":"keycloak%e3%81%a8saml%e3%82%84openid-connect%e8%aa%8d%e8%a8%bc%e5%af%be%e5%bf%9c%e3%81%ae%e3%83%aa%e3%83%90%e3%83%bc%e3%82%b9%e3%83%97%e3%83%ad%e3%82%ad%e3%82%b7%e9%80%a3%e6%90%ba-%e3%83%90%e3%83%83","status":"publish","type":"post","link":"https:\/\/www.mubit.co.jp\/pb-blog\/?p=21028","title":{"rendered":"\u3010Web\u306e\u6539\u4fee\u4e0d\u8981\u3011Keycloak\u3068SAML\u3084OpenID Connect\u8a8d\u8a3c\u306e\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u9023\u643a \/ Web\u3078\u4ee3\u7406\u8a8d\u8a3c\u3067SSO"},"content":{"rendered":"

Keycloak \/ idP \u3068SAML\u3084OIDC\u8a8d\u8a3c\u5bfe\u5fdc\u306e\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u306e\u7d44\u307f\u5408\u308f\u305b\u3067\u3001SAML\u8a8d\u8a3c\u3084OIDC\u8a8d\u8a3c\u306b\u300c\u672a\u5bfe\u5fdc\u306eWeb\u300d\u30b7\u30b9\u30c6\u30e0\u3068\u306e\u30b7\u30f3\u30b0\u30eb\u30b5\u30a4\u30f3\u30aa\u30f3\u3092\u884c\u3046\u5834\u5408\u306e\u69cb\u6210\u4f8b\u3067\u3059\u3002<\/p>\n

Keycloak\u3068\u4ee3\u7406\u8a8d\u8a3c\u306b\u5bfe\u5fdc\u306e\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u3092\u7d44\u307f\u5408\u308f\u305b\u3066\u3001\u30b7\u30f3\u30b0\u30eb\u30b5\u30a4\u30f3\u30aa\u30f3\u3092\u69cb\u6210\u3057\u307e\u3059\u3002<\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

\u3010SAML\u3084OIDC\u8a8d\u8a3c\u306b\u672a\u5bfe\u5fdc\u306eWeb\u3011<\/span><\/h3>\n

\u65e2\u5b58\u3067\u904b\u7528\u306eSSO\u306b\u672a\u5bfe\u5fdc\u306eWeb\u30b7\u30b9\u30c6\u30e0\u3092\u3001\u6539\u4fee\u4e0d\u8981\u3067SSO\u5316\u306b\u5bfe\u5fdc\u3057\u307e\u3059\u3002<\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

\u3010\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u3011<\/span><\/h3>\n

\u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u306eWeb\u306b\u306f\u3001SAML \/ OIDC\u8a8d\u8a3c\u306e\u4ee3\u7406\u8a8d\u8a3c\u6a5f\u80fd\u306e\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\uff08IAP=Identity Aware Proxy\uff09\u7d4c\u7531\u3067\u30a2\u30af\u30bb\u30b9\u3057\u307e\u3059\u3002<\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

\u3010Keycloak\u3068SAML\/OIDC\u8a8d\u8a3c\u306e\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u3067SSO\u3011<\/span><\/h3>\n

SAML\u8a8d\u8a3c\u3084OIDC\u8a8d\u8a3c\uff08Open ID Connect\uff09\u306b\u672a\u5bfe\u5fdc\u306e\u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u306eWeb\u3078\u3001\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u304b\u3089 \u30e6\u30fc\u30b6\u30fc\u60c5\u5831 \u3092\u4ee3\u7406\u5165\u529b\u3057\u3066SSO\u3067\u904b\u7528\u3057\u307e\u3059\u3002\u30e6\u30fc\u30b6\u30fc\u304b\u3089\u306e\u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u306eWeb\u3078\u306e ID \/ \u30d1\u30b9\u30ef\u30fc\u30c9\u306a\u3069\u306e\u5165\u529b\u306f\u4e0d\u8981\u3067\u3059\u3002<\/p>\n

Keycloak \u3068\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u306fSAML\u8a8d\u8a3c\u3084OIDC\u8a8d\u8a3c\u3067\u9023\u643a\u3057\u307e\u3059\u3002<\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

SAML\u8a8d\u8a3c\u3084OIDC\u8a8d\u8a3c\u306b\u300c\u672a\u5bfe\u5fdc\u306eWeb\u300d\u3084\u300c\u30ec\u30ac\u30b7\u30fc\u306aWeb\u300d\u3092<\/p>\n

    \n
  1. \u30b7\u30f3\u30b0\u30eb\u30b5\u30a4\u30f3\u30aa\u30f3\u306eWeb\u30e1\u30f3\u30d0\u30fc\u3068\u3057\u3066\u69cb\u6210<\/li>\n
  2. \u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u306e\u300cWeb\u30b7\u30b9\u30c6\u30e0\u300d\u306f \u6539\u4fee\u4e0d\u8981<\/li>\n
  3. \u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u306e\u300cWeb\u30b7\u30b9\u30c6\u30e0\u300d\u306f LAN \/ WAN \/ DMZ\u00a0 \u306e\u4efb\u610f\u306e\u5834\u6240\u306b\u8a2d\u7f6e<\/li>\n<\/ol>\n

    \u3067\u904b\u7528\u3057\u307e\u3059<\/p>\n

     <\/p>\n

     <\/p>\n

     <\/p>\n

    \u3010\u4ee3\u7406\u8a8d\u8a3c\u3011<\/span><\/h3>\n

    \u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u304c\u4ee3\u7406\u8a8d\u8a3c\u3092\u884c\u3046\u305f\u3081\u3001<\/p>\n

      \n
    1. \u5229\u7528\u8005\u5074\u3067\u306e\u300cID\/\u30d1\u30b9\u30ef\u30fc\u30c9\u300d\u306e\u5165\u529b\u4e0d\u8981<\/li>\n
    2. \u5229\u7528\u8005\u5074\u3078\u306e\u300cID\/\u30d1\u30b9\u30ef\u30fc\u30c9\u300d\u306e\u516c\u958b\u4e0d\u8981<\/li>\n<\/ol>\n\n\n\n
      \"\"<\/a><\/td>\n<\/td>\n\n

      \"\"<\/a><\/h3>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

      <\/h3>\n

       <\/p>\n

       <\/p>\n

      <\/h3>\n

      \u3010SSO\u6642\u306b\u5fc5\u8981\u306a\u6a5f\u5668\u3011<\/span><\/h3>\n

      \"\"<\/a><\/h3>\n

       <\/p>\n

       <\/p>\n

       <\/p>\n

        \n
      1. idP \/ Keycloak\uff08\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u30fb\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\uff09<\/li>\n
      2. SAML \/ OIDC \u8a8d\u8a3c\u5bfe\u5fdc\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\uff08\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\uff06\u4ee3\u7406\u5165\u529b\u6a5f\u80fd\uff09<\/li>\n
      3. \u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u306eWeb\uff08Web\u306e\u6539\u4fee\u4e0d\u8981\uff09<\/li>\n
      4. \u30d6\u30e9\u30a6\u30b6\uff08\u30d7\u30e9\u30b0\u30a4\u30f3\u4e0d\u8981\uff09<\/li>\n<\/ol>\n

        \"\"<\/a><\/p>\n

         <\/p>\n

         <\/p>\n

         <\/p>\n

        \u3010 idP \/ Keycloak \u3011<\/span><\/h3>\n

        Keycloak\u306fSAML\u3084OIDC\u8a8d\u8a3c\u3067\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u3068\u9023\u643a\u3057\u307e\u3059<\/p>\n\n\n\n
        \"\"<\/a><\/td>\n<\/td>\n\"\"<\/a>\"\"<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

         <\/p>\n

         <\/p>\n

         <\/p>\n

        \u3010\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u3011<\/span><\/h3>\n

        \"\"<\/a><\/p>\n

         <\/p>\n

         <\/p>\n

         <\/p>\n

         <\/p>\n

         <\/p>\n

         <\/p>\n

         <\/p>\n

         <\/p>\n

        \u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u306e\u7279\u5fb4<\/strong><\/p>\n

          \n
        1. \u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u306eWeb\u306eOS\u306b\u4f9d\u5b58\u3057\u306a\u3044<\/li>\n
        2. \u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u306eWeb\u3092\u96a0\u853d\u3067\u304d\u308b\uff08\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u30e1\u30ea\u30c3\u30c8\uff09<\/li>\n
        3. \u30d6\u30e9\u30a6\u30b6\u306e\u307f\u3067\u5229\u7528\u3067\u304d\u308b<\/li>\n<\/ol>\n

          \"\"<\/a><\/p>\n

           <\/p>\n

           <\/p>\n

           <\/p>\n

           <\/p>\n

          \u3010 SAML\/OIDC\u8a8d\u8a3c \u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u30fb\u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9 \u3011<\/strong><\/span><\/h3>\n

          \"\"<\/a><\/p>\n

           <\/p>\n

           <\/p>\n

           <\/p>\n

           <\/p>\n

           <\/p>\n

          \u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u306f\u3001SAML \/ OIDC\u8a8d\u8a3c\u306b\u5bfe\u5fdc\u306e\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u30fb\u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9<\/p>\n

          \"\"<\/a>\u300cPowered BLUE ReverseProxy for SSO \/ IDaaS<\/a>\u300d<\/p>\n

          \u3067\u69cb\u7bc9\u904b\u7528\u3057\u307e\u3059\u3002<\/p>\n

           <\/p>\n

          \u6a5f\u80fd\u3068\u3057\u3066\u306f<\/strong><\/p>\n