\u4eca\u56de\u306fOpenAM<\/a>\u3092\u4f7f\u3063\u305f\u30b7\u30f3\u30b0\u30eb\u30b5\u30a4\u30f3\u30aa\u30f3\uff08\u4ee5\u4e0bSSO\uff09\u306b\u3064\u3044\u3066\u7d39\u4ecb\u3057\u307e\u3059\u3002<\/p>\n Web\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u304a\u3051\u308bSSO\u3092 \u25a0 \u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u65b9\u5f0f \u25a0 \u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u65b9\u5f0f \u25a0 \u4ee3\u7406\u8a8d\u8a3c\u65b9\u5f0f \u25a0 \u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u65b9\u5f0f \u4eca\u56de\u306f\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u65b9\u5f0f\u306eSSO\u3092OpenAM\u3067\u5b9f\u73fe\u3059\u308b\u30d5\u30ed\u30fc\u306b\u3064\u3044\u3066\u7d39\u4ecb\u3057\u307e\u3059\u3002 \u4ee5\u4e0b\u3001\u5b9f\u969b\u306b\u8a66\u3057\u3066\u307f\u305f\u969b\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u60c5\u5831\u3067\u3059\u3002<\/p>\n \u25a0 OpenAM\u30b5\u30fc\u30d0 \u25a0 SSO\u5bfe\u8c61\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30b5\u30fc\u30d0 \u305d\u308c\u3067\u306f\u3001OpenAM\u30b5\u30fc\u30d0\u306e\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u304b\u3089\u59cb\u3081\u307e\u3059\u3002 OpenAM\u3092\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u3059\u308b\u969b\u3001OpenAM\u30b5\u30fc\u30d0\u306e\u30db\u30b9\u30c8\u540d\u3092FQDN\u3067\u540d\u524d\u89e3\u6c7a\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002 \/etc\/hosts\u3067\u540d\u524d\u89e3\u6c7a\u3059\u308b\u305f\u3081\u306b\u4ee5\u4e0b\u3092\u8ffd\u8a18\u3057\u307e\u3059\u3002<\/p>\n \/etc\/hostname\u3092\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n Java\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n \u6b21\u306bTomcat\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u304c\u5b8c\u4e86\u3057\u305f\u3089\u3001\u74b0\u5883\u5909\u6570JAVA_HOME\u3068JAVA_OPTS\u304c\u30bb\u30c3\u30c8\u3055\u308c\u308b\u3088\u3046\u306b\u3001\/etc\/profile\u306b\u8ffd\u8a18\u3057\u307e\u3059\u3002 \u203b JAVA_HOME \u306f bin\/java \u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u3092\u542b\u3080\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u53c2\u7167\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002 \/etc\/profile\u306b\u8ffd\u8a18\u3057\u305f\u5185\u5bb9\u3092\u53cd\u6620\u3055\u305b\u307e\u3059\u3002<\/p>\n Tomcat\u304c\u8d77\u52d5\u3059\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n http:\/\/openam-test.example.com:8080\u306b \u3053\u3061\u3089<\/a>\u304b\u3089\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u307e\u3059\u3002<\/p>\n \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3081\u306b\u306f\u3001forgerock\u793e\u3078\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u767b\u9332\u30fb\u30b5\u30a4\u30f3\u30a4\u30f3\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n \u307e\u305f\u3001OpenAM\u306e\u30e9\u30a4\u30bb\u30f3\u30b9\u306fCDDL\u3068\u3057\u3066\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u304c\u516c\u958b\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001 \u4eca\u56de\u306fOpenAM-13.0.0.zip\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u307e\u3057\u305f\u3002<\/p>\n \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305fzip\u30d5\u30a1\u30a4\u30eb\u3092\u89e3\u51cd\u3057\u305f\u4e2d\u306b\u3001 http:\/\/openam-example.com:8080\/login\u306b \u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u4e0b\u8a18\u306e\u753b\u9762\u304c\u73fe\u308c\u307e\u3059\u3002<\/p>\n \u30e9\u30a4\u30bb\u30f3\u30b9\u306b\u540c\u610f\u3057\u305f\u5f8c\u306b\u3001amAdmin\u30e6\u30fc\u30b6\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u8a2d\u5b9a\u3059\u308b\u753b\u9762\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 OpenAM\u3067\u306f\u6a19\u6e96\u3067Active Directory\u3084LDAP\u3001JDBC\u306a\u3069\u69d8\u3005\u306a\u30ed\u30b0\u30a4\u30f3\u8a8d\u8a3c\u306e\u30e2\u30b8\u30e5\u30fc\u30eb\u304c\u7528\u610f\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001 \u4eca\u56de\u306f\u4ee5\u4e0b\u306e\u4ed5\u69d8\u3067\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n \u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u306f\u4e0b\u8a18\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u69cb\u6210\u3067\u4f5c\u6210\u3057\u307e\u3059\u3002 \u4ee5\u4e0b\u306e\u5185\u5bb9\u3067\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n com.sun.identity.authentication.spi.AMLoginModule\u3092\u7d99\u627f\u3057\u305f\u30af\u30e9\u30b9\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002 java.security.Principal\u3092\u5b9f\u88c5\u3057\u305f\u30af\u30e9\u30b9\u3067\u3059\u3002 \u30ed\u30b0\u30a4\u30f3\u753b\u9762\u3067\u5dee\u3057\u66ff\u3048\u306b\u5fc5\u8981\u3068\u306a\u308b\u6587\u5b57\u5217\u306a\u3069\u3092\u5b9a\u7fa9\u3057\u305f\u30d7\u30ed\u30d1\u30c6\u30a3\u30d5\u30a1\u30a4\u30eb\u3067\u3059\u3002 \u4f5c\u6210\u3059\u308b\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u3092OpenAM\u306b\u30b5\u30fc\u30d3\u30b9\u3068\u3057\u3066\u8aad\u307f\u8fbc\u307e\u305b\u308b\u305f\u3081\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3067\u3059\u3002 \u30ed\u30b0\u30a4\u30f3\u753b\u9762\u306eUI\u8868\u793a\u306b\u4f7f\u7528\u3059\u308bxml\u30d5\u30a1\u30a4\u30eb\u3067\u3059\u3002 \u5185\u5bb9\u306f\u3053\u3061\u3089<\/a>\u3068\u540c\u5185\u5bb9\u3067\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n \u3053\u3053\u307e\u3067\u7528\u610f\u3067\u304d\u308c\u3070\u30d3\u30eb\u30c9\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n target\u306e\u4e0b\u306b\u3001sample-auth-module-1.0.0.jar\u304c\u4f5c\u6210\u3055\u308c\u307e\u3059\u306e\u3067\u3001 \u4f5c\u6210\u3057\u305f\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u3092OpenAM\u306b\u767b\u9332\u3059\u308b\u305f\u3081\u306b\u3001 \u6700\u521d\u306b\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305fOpenAM-13.0.0.zip\u306e\u4e2d\u306e\u3001 \u3053\u308c\u3092OpenAM\u30b5\u30fc\u30d0\u306b\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u3001 \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305fssoadm\u3067\u4f5c\u6210\u3057\u305f\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u3092OpenAM\u306b\u767b\u9332\u3057\u307e\u3059\u3002<\/p>\n \u767b\u9332\u5b8c\u4e86\u5f8c\u3001Tomcat\u3092\u518d\u8d77\u52d5\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n http:\/\/openam-test.example:8080\/login\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3066\u3001 \u307e\u305a\u3001\u8a8d\u8a3c\u3092\u884c\u3046\u30ec\u30eb\u30e0(\u4e00\u9023\u306e\u8a8d\u8a3c\u8a2d\u5b9a\u3092\u7ba1\u7406\u3059\u308b\u5358\u4f4d\uff09\u3092\u4f5c\u6210\u3057\u3066\u3044\u304d\u307e\u3059\u3002 \u300cNew Realm\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001 sample\u30ec\u30eb\u30e0\u306b\u5bfe\u3057\u3066\u8a8d\u8a3c\u8a2d\u5b9a\u3092\u884c\u3063\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n sample\u30ec\u30eb\u30e0\u3092Authentication > Settings\u3092\u9078\u629e\u3057\u307e\u3059\u3002<\/p>\n \u307e\u305a\u3001\u30e6\u30fc\u30b6\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u30bf\u30d6\u3067\u3001 \u6b21\u306b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30bf\u30d6\u3067\u3001 \u300cAdd Module\u300d\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30e2\u30b8\u30e5\u30fc\u30eb\u8ffd\u52a0\u753b\u9762\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 Authentication > Chains > \u300cAdd Chain\u300d\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u65b0\u898f\u8a8d\u8a3c\u9023\u9396\u767b\u9332\u753b\u9762\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 Authentication > Settings > Core\u30bf\u30d6\u3092\u9078\u629e\u3057\u3001 \u6b21\u306b\u300c\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u300d\u306e\u8a2d\u5b9a\u3092\u884c\u306a\u3044\u307e\u3059\u3002 sample\u30ec\u30eb\u30e0 > Agents \u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u4e0b\u8a18\u753b\u9762\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 <\/p>\n \u30bb\u30c3\u30b7\u30e7\u30f3\u5c5e\u6027\u30d5\u30a7\u30c3\u30c1\u30e2\u30fc\u30c9\u306f\u300cHTTP HEADER\u300d\u3092\u9078\u629e\u3057\u3001 <\/p>\n <\/p>\n <\/p>\n Apache\u306b\u7d44\u307f\u8fbc\u3080Policy Agent\u3092\u3053\u3061\u3089<\/a>\u304b\u3089\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u307e\u3059\u3002<\/p>\n \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3081\u306b\u306f\u3001forgerock\u793e\u3078\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u767b\u9332\u30fb\u30b5\u30a4\u30f3\u30a4\u30f3\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n \u7121\u511f\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u308b\u6700\u65b0\u306ePolicy Agent\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u304c4.0.0\u3067\u3059\u304c\u3001 \u4eca\u56de\u306f\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u65b9\u5f0f\u3067\u3059\u306e\u3067\u3001OpenAM\u30b5\u30fc\u30d0\u306eApache 2.4\u306bPolicy Agent\u3092\u7d44\u307f\u8fbc\u307f\u307e\u3059\u3002 Apache\u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u306a\u3044\u5834\u5408\u306f\u3001yum\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<\/p>\n \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305fPolicy Agent\u3092\u89e3\u51cd\u3057\u307e\u3059\u3002<\/p>\n \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u524d\u306bApache\u3092\u505c\u6b62\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n \u305d\u308c\u3067\u306fPolicy Agent\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n \u3053\u308c\u3067Policy Agent\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306f\u5b8c\u4e86\u3057\u307e\u3057\u305f\u304c\u3001 SSO\u5bfe\u8c61\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3078\u306e\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u306e\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3059\u3002 \u203b SSO\u5bfe\u8c61\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u5897\u3084\u3059\u5834\u5408\u306f\u3001\u4e0a\u8a18\u306eLocation\u306e\u8a2d\u5b9a\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n \u3053\u3053\u307e\u3067\u5b8c\u4e86\u3057\u305f\u3089\u3001OpenAM\u30b5\u30fc\u30d0\u306eApache\u3092\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n \u5b9f\u969b\u306b\u52d5\u4f5c\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n \u307e\u305a\u3001HTTP\u30d8\u30c3\u30c0\u306e\u5185\u5bb9\u3092\u51fa\u529b\u3059\u308bPHP\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002 \u3067\u306f\u3001\u30d6\u30e9\u30a6\u30b6\u304b\u3089http:\/\/openam-test.example.com\/sample\u306b\u30a2\u30af\u30bb\u30b9\u3057\u307e\u3059\u3002 <\/p>\n \u203b\u4e0a\u8a18\u306e\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u306e\u30c7\u30b6\u30a4\u30f3\u306f\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u53ef\u80fd\u3067\u3059\u3002\u65b9\u6cd5\u306f\u3053\u3061\u3089<\/a>\u3092\u53c2\u7167\u304f\u3060\u3055\u3044\u3002<\/p>\n <\/p>\n OpenAM\u306e\u8a2d\u5b9a\u753b\u9762\u3067\u8a2d\u5b9a\u3057\u305f\u30ed\u30b0\u30a4\u30f3\u30e6\u30fc\u30b6\u540d\u3068\u30ed\u30b0\u30a4\u30f3\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3068\u3001 <\/p>\n \u9577\u6587\u3068\u306a\u3063\u3066\u3057\u307e\u3044\u307e\u3057\u305f\u304c\u3001\u6700\u5f8c\u307e\u3067\u304a\u8aad\u307f\u3044\u305f\u3060\u304d\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3057\u305f\u3002<\/p>\n OpenAM\u3067\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u65b9\u5f0f\u306eSSO\u3092\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306e\u624b\u9806\u3092\u3056\u3063\u3068\u7d39\u4ecb\u3055\u305b\u3066\u3044\u305f\u3060\u304d\u307e\u3057\u305f\u304c\u3001 \u3053\u3093\u306b\u3061\u306f\u3001\u767d\u5ddd\u3067\u3059\u3002<\/p>\n \u3053\u308c\u306fTECHSCORE Advent Calendar 2016\u306e21\u65e5\u76ee\u306e\u8a18\u4e8b\u3067\u3059\u3002<\/p>\n \u4eca\u56de\u306fOpenAM\u3092\u4f7f\u3063\u305f\u30b7\u30f3\u30b0\u30eb\u30b5\u30a4\u30f3\u30aa\u30f3\uff08\u4ee5\u4e0bSSO\uff09\u306b\u3064\u3044\u3066\u7d39\u4ecb\u3057\u307e\u3059\u3002OpenAM\u306b\u3064\u3044\u3066<\/h2>\n
OpenAM\u306e\u6982\u8981<\/h4>\n
\n\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306e\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u3068\u306a\u308b\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u306e\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3067\u3059\u3002
\nSAML\u3001OAuth2\u3001OpenID Connect\u3001\u306a\u3069\u8a8d\u8a3c\u3001\u8a8d\u53ef\u306b\u95a2\u9023\u3057\u305f\u8907\u6570\u306e\u30d7\u30ed\u30c8\u30b3\u30eb\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\nSSO\u306e\u5b9f\u73fe\u65b9\u5f0f<\/h4>\n
\n\u3000SSO\u5bfe\u8c61\u306eWeb\u30b5\u30fc\u30d0\/\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30b5\u30fc\u30d0\u306bOpenAM\u306ePolicy Agent\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u3001Policy Agent\u304c\u30d6\u30e9\u30a6\u30b6\u3068Web\u30b5\u30fc\u30d0\/\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30b5\u30fc\u30d0\u306e\u901a\u4fe1\u306e\u4e2d\u3067\u3001OpenAM\u30b5\u30fc\u30d0\u306b\u8a8d\u8a3c\u72b6\u614b\u3092\u78ba\u8a8d\u3059\u308b\u3053\u3068\u3067SSO\u3092\u5b9f\u73fe\u3057\u307e\u3059\u3002
\n\u3000Policy Agent\u306fWeb\u30b5\u30fc\u30d0\uff08Apache\u3001IIS\uff09\u7528\u3068\u3001Java EE\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30b5\u30fc\u30d0\uff08Tomcat\u3001WebLogic\uff09\u7528\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
\n\u3000\u30d6\u30e9\u30a6\u30b6\u3068Web\u30b5\u30fc\u30d0\/\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30b5\u30fc\u30d0\u306e\u9593\u306b\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u30b5\u30fc\u30d0\u3092\u8a2d\u7f6e\u3057\u3066\u3001\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u30b5\u30fc\u30d0\u306bPolicy Agent\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3053\u3068\u3067\u3001SSO\u3092\u5b9f\u73fe\u3057\u307e\u3059\u3002
\n\u3000\u3053\u306e\u65b9\u5f0f\u3067\u306f\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u30b5\u30fc\u30d0\u306b\u306e\u307fPolicy Agent\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u306e\u307f\u3067\u6e08\u307f\u307e\u3059\u306e\u3067\u3001\u8907\u6570\u306eSSO\u5bfe\u8c61\u306eWeb\u30b5\u30fc\u30d0\/\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30b5\u30fc\u30d0\u304c\u5b58\u5728\u3059\u308b\u5834\u5408\u3001\u5c55\u958b\u3057\u3084\u3059\u3044\u3067\u3059\u3002<\/p>\n
\n\u3000SSO\u5bfe\u8c61\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306b\u5bfe\u3057\u3066\u3001ID\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u9001\u4fe1\u3057\u3001\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3053\u3068\u3067\u3001SSO\u3092\u5b9f\u73fe\u3057\u307e\u3059\u3002
\n \u3000\u30d1\u30c3\u30b1\u30fc\u30b8\u30bd\u30d5\u30c8\u3092\u5229\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306a\u3069\u3001SSO\u3092\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306e\u4fee\u6b63\u5bfe\u5fdc\u304c\u96e3\u3057\u3044\u5834\u5408\u306b\u4f7f\u308f\u308c\u307e\u3059\u3002
\n\u3000\u307e\u305f\u3001\u3053\u306e\u65b9\u5f0f\u3067\u306f\u3001SSO\u5bfe\u8c61\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306eID\/\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u4f55\u3089\u304b\u306e\u65b9\u5f0f\u3067\u540c\u671f\u3055\u305b\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
\n\u7570\u306a\u308b\u30c9\u30e1\u30a4\u30f3\u9593\u3067\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u7b49\u306e\u60c5\u5831\u3092\u6e21\u3059\u3053\u3068\u306a\u304f\u3001\u5b89\u5168\u306b\u8a8d\u8a3c\u3055\u308c\u305f\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u3092\u9023\u643a\u3059\u308b\u3053\u3068\u3067\u3001\u30b7\u30f3\u30b0\u30eb\u30b5\u30a4\u30f3\u30aa\u30f3(SSO)\u3092\u5b9f\u73fe\u3057\u307e\u3059\u3002<\/p>\n
\n\u4e0b\u8a18\u304c\u4eca\u56de\u7d39\u4ecb\u3059\u308b\u30d5\u30ed\u30fc\u306e\u6982\u8981\u56f3\u3067\u3059\u3002<\/p>\n![\"\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/80da72009618e36bb472e8ddc69300ca.png\")
<\/a>
\n
\n <\/p>\n\n
\u74b0\u5883<\/h4>\n
\n\u30fbOS\uff1aCentOS 7.2
\n\u30fbApache HTTP Server\uff1a2.4.6
\n\u30fbTomcat\uff1a7.0.73
\n\u30fbJava\uff1aopenjdk-1.8.0.111
\n\u30fbOpenAM\uff1a13.0.0<\/p>\n
\n\u30fbOS\uff1aCentOS 7.2
\n\u30fbApache HTTP Server\uff1a2.4.6
\n\u30fbPHP: 5.4.16
\n\u30fbOpenAM Web Policy Agent: 4.0.0 for Apache 2.4<\/p>\nOpenAM\u30b5\u30fc\u30d0\u306e\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7<\/h2>\n
\n\u4e0b\u8a18\u306e\u624b\u9806\u306f\u5168\u3066root\u30e6\u30fc\u30b6\u3067\u5b9f\u65bd\u3057\u307e\u3059\u3002<\/p>\n
\n\u307e\u305f.(\u30c9\u30c3\u30c8)\u304c2\u3064\u4ee5\u4e0a\u3042\u308bFQDN\u3068\u3057\u3066\u304f\u3060\u3055\u3044\u3002
\n\u4eca\u56de\u306f\u3001OpenAM\u30b5\u30fc\u30d0\u306eFQDN\u3092\u300copenam-test.example.com\u300d\u3068\u3057\u307e\u3059\u3002<\/p>\n\r\n[OpenAM\u30b5\u30fc\u30d0\u306eIP\u30a2\u30c9\u30ec\u30b9] openam-test.example.com\r\n<\/pre>\n
\r\nopenam-test.example.com\r\n<\/pre>\n
1. Java\u3001Tomcat\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h4>\n
\r\n$ sudo su -\r\n# yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel\r\njava -version\r\nopenjdk version \"1.8.0_111\"\r\nOpenJDK Runtime Environment (build 1.8.0_111-b15)\r\nOpenJDK 64-Bit Server VM (build 25.111-b15, mixed mode)\r\n<\/pre>\n
\r\n# wget http:\/\/ftp.riken.jp\/net\/apache\/tomcat\/tomcat-7\/v7.0.73\/bin\/apache-tomcat-7.0.73.tar.gz\r\n# tar xvzf apache-tomcat-7.0.73.tar.gz\r\n# mv apache-tomcat-7.0.73 \/usr\/local\/tomcat\r\n<\/pre>\n
\nOpenAM\u306e\u8d77\u52d5\u306b\u306f\u30011GB\u306eJava\u30d2\u30fc\u30d7\u3068256MB\u306ePermanent\u9818\u57df(Java8\u304b\u3089\u306fMetaspace\u9818\u57df\uff09\u304c\u5fc5\u8981\u3067\u3059\u3002
\n\u8ffd\u8a18\u3059\u308b\u5185\u5bb9\u306f\u4e0b\u8a18\u306e\u901a\u308a\u3067\u3059\u3002<\/p>\n\r\nexport JAVA_HOME=\/usr\/lib\/jvm\/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64\r\nexport PATH=$PATH:$JAVA_HOME\/bin\r\nexport JAVA_OPTS=\"-Xmx1024m -XX:MaxMetaspaceSize=256m\"\r\nexport TOMCAT_HOME=\/usr\/local\/tomcat\r\nexport CATALINA_HOME=\/usr\/local\/tomcat\r\nexport CLASSPATH=.:$JAVA_HOME\/jre\/lib:$JAVA_HOME\/lib:$JAVA_HOME\/lib\/tools.jar:$CATALINA_HOME\/lib\r\n<\/pre>\n
\n\u4e0d\u660e\u306a\u5834\u5408\u306f\u4e0b\u8a18\u30b3\u30de\u30f3\u30c9\u3067\u78ba\u8a8d\u3067\u304d\u307e\u3059\u3002<\/p>\n\r\n# readlink -f \/usr\/bin\/javac | sed s:\/bin\/javac::\r\n\/usr\/lib\/jvm\/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64\r\n<\/pre>\n
\r\n# source \/etc\/profile\r\n<\/pre>\n
\r\n# \/usr\/local\/tomcat\/bin\/startup.sh\r\n<\/pre>\n
\n\u30d6\u30e9\u30a6\u30b6\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3057\u3066Tomcat\u306eTop\u753b\u9762\u304c\u8868\u793a\u3055\u308c\u308c\u3070\u3053\u3053\u307e\u3067\u306fOK\u3067\u3059\u3002
\n\u203b \u30a2\u30af\u30bb\u30b9\u3059\u308b\u7aef\u672b\u306ehosts\u30d5\u30a1\u30a4\u30eb\u306b\u3082\u4ee5\u4e0b\u3092\u8a2d\u5b9a\u3057\u3066\u304a\u3044\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\r\n[OpenAM\u30b5\u30fc\u30d0\u306eIP\u30a2\u30c9\u30ec\u30b9] 192.168.56.80\r\n<\/pre>\n
2. OpenAM\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h4>\n
\n\u3044\u3064\u304b\u3089\u305d\u3046\u306a\u3063\u305f\u304b\u306f\u4e0d\u660e\u3067\u3059\u304c\u3001\u30e1\u30b8\u30e3\u30fc\u30d0\u30fc\u30b8\u30e7\u30f3\u306e\u307f\u7121\u511f\u3067\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u53ef\u80fd\u3068\u306a\u3063\u305f\u3088\u3046\u3067\u3059\u3002
\n\u30de\u30a4\u30ca\u30fc\u30d0\u30fc\u30b8\u30e7\u30f3\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u306f\u30b5\u30d6\u30b9\u30af\u30ea\u30d7\u30b7\u30e7\u30f3\u306e\u8cfc\u5165\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n
\nOpenAM-13.0.0.war\u304c\u3042\u308a\u307e\u3059\u306e\u3067\u3001
\nTomcat\u306ewebapps\u30d5\u30a9\u30eb\u30c0\u306b\u30b3\u30d4\u30fc\u3057\u3066\u3001Tomcat\u3092\u518d\u8d77\u52d5\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\r\ncp OpenAM-13.0.0.war \/usr\/local\/tomcat\/webapps\/login.war\r\n<\/pre>\n
3. OpenAM\u306e\u521d\u671f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7<\/h4>\n
\n\u30d6\u30e9\u30a6\u30b6\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3057\u3066\u521d\u671f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n![\"\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/top.png\")
<\/a>
\n
\n\u3053\u3053\u3067\u306f\u5fc5\u305a\u300c\u30ab\u30b9\u30bf\u30e0\u8a2d\u5b9a\u300d\u3092\u9078\u629e\u3057\u3066\u304f\u3060\u3055\u3044\u3002
\n\u300c\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\u300d\u306b\u306f\u4e0d\u5177\u5408<\/a>\u304c\u3042\u308a\u3001\u5f8c\u306b\u554f\u984c\u304c\u8d77\u304d\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u305f\u3081\u3067\u3059\u3002<\/p>\n
\namAdmin\u30e6\u30fc\u30b6\u306fopenam\u306e\u7ba1\u7406\u8005\u6a29\u9650\u3092\u6301\u3064\u30e6\u30fc\u30b6\u3067\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5fd8\u308c\u3066\u3057\u307e\u3046\u3068\u3001openam\u306e\u4e00\u5207\u306e\u8a2d\u5b9a\u304c\u3067\u304d\u306a\u304f\u306a\u3063\u3066\u3057\u307e\u3046\u305f\u3081\u3001\u5fd8\u308c\u306a\u3044\u3088\u3046\u306b\u6ce8\u610f\u304c\u5fc5\u8981\u3067\u3059\u3002
\n\u3053\u3053\u3067\u306fopenam01\u3068\u3057\u307e\u3057\u305f\u3002<\/p>\n![\"OpenAM](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/02_amadmin_password.png\")
<\/a>
\n
\n
\n\u6b21\u306b\u300c\u30b5\u30fc\u30d0\u30fc\u8a2d\u5b9a\u300d\u753b\u9762\u306b\u9077\u79fb\u3057\u307e\u3059\u3002
\n\u3053\u3053\u3067\u306f\u3001\u8a2d\u5b9a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u307f\u300c\/usr\/local\/openam\u300d\u3068\u3057\u307e\u3057\u305f\u3002
\n\u305d\u306e\u4ed6\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u8a2d\u5b9a\u3055\u308c\u308b\u5185\u5bb9\u306e\u307e\u307e\u6b21\u306b\u9032\u307f\u307e\u3059\u3002<\/p>\n![\"\u30b5\u30fc\u30d0\u30fc\u8a2d\u5b9a\u753b\u9762\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/03_server_setting.png\")
<\/a>
\n
\n
\n\u6b21\u306b\u300c\u8a2d\u5b9a\u30c7\u30fc\u30bf\u30b9\u30c8\u30a2\u300d\u753b\u9762\u306b\u9077\u79fb\u3057\u307e\u3059\u3002
\n\u3053\u3053\u306f\u300cOpenAM\u300d\u304c\u521d\u671f\u3067\u9078\u629e\u3055\u308c\u3066\u304a\u308a\u3001\u8a2d\u5b9a\u5185\u5bb9\u306f\u5909\u66f4\u305b\u305a\u306b\u6b21\u306b\u9032\u307f\u307e\u3059\u3002<\/p>\n![\"\u8a2d\u5b9a\u30c7\u30fc\u30bf\u30b9\u30c8\u30a2\u753b\u9762\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/04_setting_data_store.png\")
<\/a>
\n
\n
\n\u6b21\u306b\u300c\u30e6\u30fc\u30b6\u30c7\u30fc\u30bf\u30b9\u30c8\u30a2\u300d\u753b\u9762\u306b\u9077\u79fb\u3057\u307e\u3059\u3002
\n\u3053\u3053\u306f\u300cOpenAM\u306e\u30e6\u30fc\u30b6\u30b9\u30c8\u30a2\u300d\u3092\u9078\u629e\u3057\u3066\u3001\u6b21\u306b\u9032\u307f\u307e\u3059\u3002<\/p>\n![\"\u30e6\u30fc\u30b6\u30c7\u30fc\u30bf\u30b9\u30c8\u30a2\u753b\u9762\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/05_user_data_store.png\")
<\/a>
\n
\n
\n\u6b21\u306b\u300c\u30b5\u30a4\u30c8\u8a2d\u5b9a\u300d\u753b\u9762\u306b\u9077\u79fb\u3057\u307e\u3059\u3002
\n\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u306e\u4e0b\u306b\u914d\u7f6e\u3055\u308c\u308bOpenAM\u30b5\u30fc\u30d0\u304b\u3069\u3046\u304b\u3092\u554f\u308f\u308c\u307e\u3059\u3002
\nOpenAM\u3092\u5197\u9577\u5316\u3059\u308b\u5834\u5408\u306bYES\u306b\u3059\u308b\u3088\u3046\u3067\u3059\u304c\u3001\u4eca\u56de\u306fNO\u3067\u6b21\u306b\u9032\u307f\u307e\u3059\u3002<\/p>\n![\"\u30b5\u30a4\u30c8\u8a2d\u5b9a\u753b\u9762\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/06_load_balancer.png\")
<\/a>
\n
\n
\n\u6b21\u306bPolicy Agent\u3067\u4f7f\u7528\u3059\u308b\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002
\n\u5f8c\u306e\u624b\u9806\u3067\u5fc5\u8981\u3068\u306a\u308a\u307e\u3059\u306e\u3067\u3001\u5fd8\u308c\u306a\u3044\u3088\u3046\u306b\u6ce8\u610f\u304c\u5fc5\u8981\u3067\u3059\u3002\u3053\u3053\u3067\u306fopenam02\u3068\u3057\u307e\u3057\u305f\u3002<\/p>\n![\"Policy](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/07_policy_agent_password.png\")
<\/a>
\n
\n
\n\u6700\u7d42\u78ba\u8a8d\u753b\u9762\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u306e\u3067\u3001
\n\u300c\u8a2d\u5b9a\u306e\u4f5c\u6210\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u307e\u3059\u3002<\/p>\n![\"\u6700\u7d42\u78ba\u8a8d\u753b\u9762\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/08_last_confirm.png\")
<\/a>
\n
\n
\n\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u753b\u9762\u8868\u793a\u3055\u308c\u308c\u3070\u3001\u5b8c\u4e86\u3067\u3059\u3002<\/p>\n![\"\u5b8c\u4e86\u753b\u9762\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/09_end.png\")
<\/a>
\n
\n
\n\u3082\u3057\u3053\u3053\u3067\u5931\u6557\u3057\u305f\u5834\u5408\u306f\u3001OpenAM\u306e\u8a2d\u5b9a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\uff08\u4eca\u56de\u3067\u306f\/usr\/local\/openam\uff09\u76f4\u4e0b\u306b\u3042\u308binstall.log\u306b\u3001
\n\u30a8\u30e9\u30fc\u5185\u5bb9\u304c\u51fa\u529b\u3055\u308c\u3066\u3044\u307e\u3059\u3002
\n\u30a8\u30e9\u30fc\u5185\u5bb9\u78ba\u8a8d\u306e\u4e0a\u3001\u518d\u5ea6\u521d\u671f\u8a2d\u5b9a\u304b\u3089\u884c\u3046\u5834\u5408\u306f\u3001OpenPM\u306e\u8a2d\u5b9a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3001Tomcat\u306e\u914d\u5099\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u524a\u9664\u3057\u3066\u3001
\nTomcat\u3092\u518d\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n\r\n\/usr\/local\/tomcat\/bin\/shutdown.sh\r\nrm -Rf \/usr\/local\/openam\r\nrm -Rf \/usr\/local\/tomcat\/webapps\/login\r\n\/usr\/local\/tomcat\/bin\/startup.sh\r\n<\/pre>\n
4. \u72ec\u81ea\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u4f5c\u6210<\/h4>\n
\n\u72ec\u81ea\u306e\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u4f5c\u6210\u3059\u308b\u3053\u3068\u304c\u53ef\u80fd\u3067\u3059\u3002
\nOpenAM\u306eDevelopers Guide<\/a>\u306b\u65b9\u6cd5\u304c\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001
\n\u3053\u3061\u3089\u3092\u53c2\u8003\u306b\u4f5c\u6210\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n\n
\n\u2605\u3092\u3064\u3051\u305f\u3082\u306e\u3092\u7528\u610f\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n\r\n\u251c\u2500\u2500 pom.xml \u2605\r\n\u2514\u2500\u2500 src\r\n\u00a0\u00a0 \u2514\u2500\u2500 main\r\n\u00a0\u00a0 \u251c\u2500\u2500 java\r\n\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 com\r\n\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 example\r\n\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 openam\r\n\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 SampleAuth.java \u2605\r\n\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 SampleAuthPrincipal.java \u2605\r\n\u00a0\u00a0 \u2514\u2500\u2500 resources\r\n\u00a0\u00a0 \u251c\u2500\u2500 amAuthSampleAuth.properties \u2605\r\n\u00a0\u00a0 \u251c\u2500\u2500 amAuthSampleAuth.xml \u2605\r\n\u00a0\u00a0 \u2514\u2500\u2500 config\r\n\u00a0\u00a0 \u2514\u2500\u2500 auth\r\n\u00a0\u00a0 \u2514\u2500\u2500 default\r\n\u00a0\u00a0 \u2514\u2500\u2500 login\r\n \u00a0 \u2514\u2500\u2500 services\r\n\u00a0 \u2514\u2500\u2500 sample\r\n\u00a0\u00a0 \u2514\u2500\u2500 html\r\n \u00a0 \u2514\u2500\u2500 SampleAuth.xml\u2605\r\n<\/pre>\n
4-1. pom.xml\u306e\u6e96\u5099<\/h5>\n
\r\n\r\n
4-2. src\/main\/java\/org\/forgerock\/openam\/examples\/SampleAuth.java<\/h5>\n
\nprocess\u3068\u3044\u3046\u30e1\u30bd\u30c3\u30c9\u306ecase\u6587\u306eSTATE_AUTH\u306e\u90e8\u5206\u306b\u30ed\u30b0\u30a4\u30f3\u30dc\u30bf\u30f3\u62bc\u4e0b\u6642\u306e\u30ed\u30b8\u30c3\u30af\u3092\u8a18\u8ff0\u3057\u307e\u3059\u3002
\n\u4eca\u56de\u306f\u3001\u3053\u3061\u3089<\/a>\u3092\u53c2\u8003\u306b\u3001\u4ee5\u4e0b\u306e\u5185\u5bb9\u3067\u4f5c\u6210\u3057\u307e\u3057\u305f\u3002<\/p>\n\r\npackage com.example.openam;\r\n\r\nimport java.security.Principal;\r\nimport java.util.Map;\r\nimport java.util.ResourceBundle;\r\n\r\nimport javax.security.auth.Subject;\r\nimport javax.security.auth.callback.Callback;\r\nimport javax.security.auth.callback.NameCallback;\r\nimport javax.security.auth.callback.PasswordCallback;\r\nimport javax.security.auth.login.LoginException;\r\n\r\nimport com.sun.identity.authentication.spi.AMLoginModule;\r\nimport com.sun.identity.authentication.spi.AuthLoginException;\r\nimport com.sun.identity.authentication.util.ISAuthConstants;\r\nimport com.sun.identity.shared.datastruct.CollectionHelper;\r\nimport com.sun.identity.shared.debug.Debug;\r\n\r\n\/**\r\n * SampleAuth authentication module example.\r\n *\r\n * If you create your own module based on this example, you must modify all\r\n * occurrences of \"SampleAuth\" in addition to changing the name of the class.\r\n *\r\n * Please refer to OpenAM documentation for further information.\r\n *\r\n * Feel free to look at the code for authentication modules delivered with\r\n * OpenAM, as they implement this same API.\r\n *\/\r\npublic class SampleAuth extends AMLoginModule {\r\n\r\n \/\/ Name for the debug-log\r\n private final static String DEBUG_NAME = \"SampleAuth\";\r\n private final static Debug debug = Debug.getInstance(DEBUG_NAME);\r\n\r\n \/\/ Name of the resource bundle\r\n private final static String amAuthSampleAuth = \"amAuthSampleAuth\";\r\n\r\n \/\/ User names for authentication logic\r\n private static String USERNAME;\r\n private static String PASSWORD;\r\n\r\n \/\/ Orders defined in the callbacks file\r\n private final static int STATE_BEGIN = 1;\r\n private final static int STATE_AUTH = 2;\r\n private final static int STATE_ERROR = 3;\r\n\r\n \/\/ Errors properties\r\n private final static String SAMPLE_AUTH_ERROR_REQUIRED_USERNAME = \"sampleauth-error-required-username\";\r\n private final static String SAMPLE_AUTH_ERROR_REQUIRED_PASSWORD = \"sampleauth-error-required-password\";\r\n private final static String SAMPLE_AUTH_ERROR_INVALID_USERNAME_OR_PASSWORD = \"sampleauth-error-invalid-username-or-password\";\r\n \r\n private Map4-3. src\/main\/java\/org\/forgerock\/openam\/examples\/SampleAuthPrincipal.java<\/h5>\n
\n\u3053\u3053\u3067\u306f\u3053\u3061\u3089<\/a>\u306e\u5185\u5bb9\u3092\u305d\u306e\u307e\u307e\u5229\u7528\u3057\u307e\u3059\u3002\uff08\u5185\u5bb9\u306f\u5272\u611b\u3057\u307e\u3059\u3002\uff09<\/p>\n4-4. src\/main\/resources\/amAuthSampleAuth.properties<\/h5>\n
\n\u3053\u3061\u3089<\/a>\u3092\u53c2\u8003\u306b\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u4f5c\u6210\u3057\u307e\u3057\u305f\u3002
\n\u203b native2ascii\u3067Unicode\u306b\u5909\u63db\u3059\u308b\u524d\u306e\u5185\u5bb9\u3067\u3059\u3002<\/p>\n\r\nsampleauth-service-description=\u30b5\u30f3\u30d7\u30eb\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\r\na500=\u8a8d\u8a3c\u30ec\u30d9\u30eb\r\na501=Service Specific Attribute\r\na502=\u30ed\u30b0\u30a4\u30f3\u30e6\u30fc\u30b6\u540d\r\na503=\u30ed\u30b0\u30a4\u30f3\u30d1\u30b9\u30ef\u30fc\u30c9\r\n\r\nsampleauth-ui-login-header=\u30b5\u30f3\u30d7\u30eb\u30ed\u30b0\u30a4\u30f3\u753b\u9762\r\nsampleauth-ui-username-prompt=\u30e6\u30fc\u30b6\u540d:\r\nsampleauth-ui-password-prompt=\u30d1\u30b9\u30ef\u30fc\u30c9:\r\nsampleauth-error-required-username=\u30e6\u30fc\u30b6\u540d\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002\r\nsampleauth-error-required-password=\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002\r\nsampleauth-error-invalid-username-or-password=\u30e6\u30fc\u30b6\u540d\u307e\u305f\u306f\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u9055\u3044\u307e\u3059\u3002\r\n<\/pre>\n
4-5. src\/main\/resources\/amAuthSampleAuth.xml<\/h5>\n
\n\u30b5\u30fc\u30d3\u30b9\u540d\u306fiPlanetAMAuth \u304b sunAMAuth \u3067\u958b\u59cb\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
\nAttributeSchema\u3067OpenAM\u306e\u7ba1\u7406\u753b\u9762\u3067\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u304c\u4f7f\u3046\u8a2d\u5b9a\u5185\u5bb9\u3092\u5b9a\u7fa9\u3057\u307e\u3059\u3002
\n\u3053\u3061\u3089<\/a>\u3092\u53c2\u8003\u306b\u4ee5\u4e0b\u306e\u5185\u5bb9\u3067\u4f5c\u6210\u3057\u307e\u3057\u305f\u3002<\/p>\n\r\n\r\n\r\n\r\n\r\n
4-6. src\/main\/resources\/config\/auth\/default\/openam\/services\/sample\/SampleAuth.xml<\/h5>\n
\n\u901a\u5e38\u306fsrc\/main\/resources\/config\/auth\/default\/SampleAuth.xml\u3068\u3057\u3066\u4f5c\u6210\u3057\u307e\u3059\u304c\u3001
\n\u4eca\u56de\u306fsample\u3068\u3044\u3046realm\u3067\u4f5c\u6210\u3057\u307e\u3059\u306e\u3067\u3001
\n\u3053\u3061\u3089<\/a>\u306b\u5f93\u3044\u3001
\nsrc\/main\/resources\/config\/auth\/default\/openam\/services\/sample\/SampleAuth.xml \u3068\u3057\u3066\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\r\n#\u3000mvn install\r\n<\/pre>\n
\nOpenAM\u304c\u914d\u5099\u3055\u308c\u305f\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306eWEB-INF\/lib\u914d\u4e0b\u306b\u30b3\u30d4\u30fc\u3057\u307e\u3059\u3002<\/p>\n\r\n# cp target\/sample-auth-module-1.0.0.jar \/usr\/local\/tomcat\/webapps\/login\/WEB-INF\/lib\/\r\n<\/pre>\n
5. \u72ec\u81ea\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u3092OpenAM\u306b\u767b\u9332<\/h4>\n
\nssoadm\u3068\u3044\u3046\u30c4\u30fc\u30eb\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
\nSSOAdminTools-13.0.0.zip\u304cssoadm\u3067\u3059\u3002<\/p>\n
\n\u4e0b\u8a18\u30b3\u30de\u30f3\u30c9\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<\/p>\n\r\n# mkdir -p \/usr\/local\/ssoadmintools\r\n# cd \/usr\/local\/ssoadmintools\r\n# unzip \/path\/to\/SSOAdminTools-13.0.0.zip\r\n# .\/setup\r\nDo you accept the license? y\r\nOpenAM \u30b5\u30fc\u30d0\u30fc\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u30d1\u30b9 [\/root\/openam]:\/usr\/local\/openam\r\n\u30c7\u30d0\u30c3\u30b0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea [\/usr\/local\/ssoadmintools\/debug]:\r\n\u30ed\u30b0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea [\/usr\/local\/ssoadmintools\/log]:\r\n\r\n\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u6b21\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u6b63\u3057\u304f\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u307e\u3059: \/usr\/local\/ssoadmintools\/login\r\n\u30c7\u30d0\u30c3\u30b0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306f \/usr\/local\/ssoadmintools\/debug \u3067\u3059\u3002\r\n\u30ed\u30b0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306f \/usr\/local\/ssoadmintools\/log \u3067\u3059\u3002\r\n\u3053\u306e tools.zip \u306e\u30d0\u30fc\u30b8\u30e7\u30f3: OpenAM 13.0.0\r\n\u30b5\u30fc\u30d0\u30fc\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u30d0\u30fc\u30b8\u30e7\u30f3: OpenAM 13.0.0 Build 5d4589530d (2016-January-14 21:15)\r\n<\/pre>\n
\r\n# echo [amAdmin\u30e6\u30fc\u30b6\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3002\u3053\u3053\u3067\u306fopenam01] > \/tmp\/password.txt\r\n# chmod 400 \/tmp\/password.txt\r\n# cd \/usr\/local\/ssoadmintools\/login\/bin\r\n# .\/ssoadm create-svc --adminid amAdmin --password-file \/tmp\/password.txt --xmlfile path\/to\/amAuthSampleAuth.xml\r\n# .\/ssoadm register-auth-module --adminid amAdmin --password-file \/tmp\/password.txt --authmodule com.example.openam.SampleAuth\r\n<\/pre>\n
6. OpenAM\u306e\u8a2d\u5b9a<\/h4>\n
\namAdmin\u30e6\u30fc\u30b6\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u307e\u3059\u3002<\/p>\n
\n\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3068\u3001OpenAM\u306b\u4f5c\u6210\u3055\u308c\u305f\u30ec\u30eb\u30e0\u4e00\u89a7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002
\n\u521d\u671f\u72b6\u614b\u3067\u306fTop Level Realm\u304c\u767b\u9332\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n
\n\u30ec\u30eb\u30e0\u306e\u65b0\u898f\u767b\u9332\u753b\u9762\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u306e\u3067\u3001
\n\u5148\u307b\u3069\u767b\u9332\u3057\u305f\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u306f\u30ec\u30eb\u30e0\u540d\u3092sample\u3068\u3057\u3066\u4f7f\u3046\u60f3\u5b9a\u3067\u3057\u305f\u306e\u3067\u3001
\n\u30ec\u30eb\u30e0\u540d\u3092sample\u3068\u3057\u3066\u767b\u9332\u3057\u307e\u3059\u3002<\/p>\n![\"\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/01_new_subrealm.png\")
<\/a>
\n
\n <\/p>\n6-1. sample\u30ec\u30eb\u30e0\u306e\u8a8d\u8a3c\u8a2d\u5b9a<\/h5>\n
\n\u300c\u30e6\u30fc\u30b6\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u300d\u3092\u300c\u5fc5\u9808\u300d\u2192\u300c\u52d5\u7684\u300d\u306b\u5909\u66f4\u3057\u307e\u3059\u3002
\n![\"\u30e6\u30fc\u30b6\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u8a2d\u5b9a\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/UserProfileModify.png\")
<\/a>
\n
\n
\nOpenAM\u306e\u8a8d\u8a3c\u30d5\u30ed\u30fc\u3067\u306f\u3001
\n\u8a8d\u8a3c\u5f8c\u306b\u300c\u30e6\u30fc\u30b6\u304cOpenAM\u304c\u7ba1\u7406\u3059\u308b\u30e6\u30fc\u30b6\u30c7\u30fc\u30bf\u30b9\u30c8\u30a2\u306b\u5b58\u5728\u3057\u3066\u3044\u308b\u304b\u300d\u3092\u5fc5\u305a\u30c1\u30a7\u30c3\u30af\u3057\u3066\u3001\u5b58\u5728\u3057\u306a\u3044\u5834\u5408\u306f\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3055\u308c\u3066\u3057\u307e\u3044\u307e\u3059\u3002\uff08\u8a73\u3057\u304f\u306f\u3053\u3061\u3089\u3092\u53c2\u7167<\/a>\u304f\u3060\u3055\u3044\u3002\uff09
\nID\/\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u4e88\u3081OpenAM\u306e\u7ba1\u7406\u3059\u308b\u30e6\u30fc\u30b6\u30c7\u30fc\u30bf\u30b9\u30c8\u30a2\u306b\u767b\u9332\u3057\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308b\u306e\u3067\u3059\u304c\u3001
\n\u4e0a\u8a18\u306e\u8a2d\u5b9a\u3092\u65bd\u3059\u3053\u3068\u3067\u3001\u8a8d\u8a3c\u5f8c\u306b\u8a72\u5f53\u306e\u30e6\u30fc\u30b6\u304cOpenAM\u304c\u7ba1\u7406\u3059\u308b\u30c7\u30fc\u30bf\u30b9\u30c8\u30a2\u306b\u5b58\u5728\u3057\u306a\u3044\u5834\u5408\u3001
\nOpenAM\u306e\u65b9\u3067\u30e6\u30fc\u30b6\u3092\u4f5c\u6210\u3057\u3066\u304f\u308c\u307e\u3059\u306e\u3067\u3001\u8a8d\u8a3c\u6210\u529f\u3057\u305f\u306b\u3082\u304b\u304b\u308f\u3089\u305a\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3055\u308c\u308b\u3088\u3046\u306a\u3053\u3068\u306f\u306a\u304f\u306a\u308a\u307e\u3059\u3002
\n\u5916\u90e8\u30b5\u30fc\u30d0\u3068\u3084\u308a\u3068\u308a\u3057\u3066\u8a8d\u8a3c\u3092\u884c\u306a\u3046\u3088\u3046\u306a\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u5834\u5408\u306f\u3001ID\/\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u4e8b\u524d\u306e\u540c\u671f\u304c\u4e0d\u8981\u306b\u306a\u308a\u307e\u3059\u306e\u3067\u3001\u3053\u306e\u8a2d\u5b9a\u304c\u4f7f\u3048\u308b\u306e\u3067\u306f\u306a\u3044\u304b\u3068\u8003\u3048\u307e\u3059\u3002<\/p>\n
\n\u30e2\u30b8\u30e5\u30fc\u30eb\u30d9\u30fc\u30b9\u306e\u8a8d\u8a3c\u3092\u7121\u52b9\u5316\u3057\u307e\u3059\u3002<\/p>\n![\"\u30e2\u30b8\u30e5\u30fc\u30eb\u30d9\u30fc\u30b9\u8a8d\u8a3c\u306e\u7121\u52b9\u5316\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/DisableModuleBaseAuth.png\")
<\/a>
\n
\n
\n\u30dd\u30b9\u30c8\u8a8d\u8a3c\u30d7\u30ed\u30bb\u30b9\u30bf\u30d6\u3067\u3001\u30ed\u30b0\u30a4\u30f3\u6210\u529f\u6642\u306b\u8fd4\u3059\u30c7\u30d5\u30a9\u30eb\u30c8\u306e URL \u3092\u300c\/sample\/?realm=sample\u300d\u306b\u5909\u66f4\u3057\u307e\u3059\u3002
\n\u300c?realm=sample\u300d\u3068\u3044\u3046\u30d1\u30e9\u30e1\u30fc\u30bf\u306f\u3001
\nsample\u30ec\u30eb\u30e0\u306b\u8a2d\u5b9a\u3057\u305f\u8a8d\u8a3c\u8a2d\u5b9a\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u307e\u3059\u3001\u307e\u305f\u306f\u3057\u305f\u3088\u3001\u3068\u3044\u3046\u610f\u5473\u3067\u3059\u3002
\n\u307e\u305f\u3001\u30e6\u30fc\u30b6\u30fcID\u751f\u6210\u30e2\u30fc\u30c9\u306e\u30c1\u30a7\u30c3\u30af\u3092\u5916\u3057\u307e\u3059\u3002<\/p>\n![\"\u30dd\u30b9\u30c8\u8a8d\u8a3c\u30d7\u30ed\u30bb\u30b9\u8a2d\u5b9a\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/ModifyPostAuth.png\")
<\/a>
\n
\n
\n\u6b21\u306bAuthentication > Modules\u304b\u3089\u3001\u81ea\u4f5c\u3057\u305f\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n
\nModule Name\u306b\u300cSampleAuthModule\u300d\u3092\u5165\u529b\u3001
\nType\u306e\u30d7\u30eb\u30c0\u30a6\u30f3\u306b\u5148\u307b\u3069\u4f5c\u6210\u3057\u305f\u30e2\u30b8\u30e5\u30fc\u30eb\u304c\u300c\u30b5\u30f3\u30d7\u30eb\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u300d\u3068\u3057\u3066\u9078\u629e\u53ef\u80fd\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u306e\u3067\u3001
\n\u305d\u308c\u3092\u9078\u629e\u3057\u307e\u3059\u3002<\/p>\n![\"\u65b0\u30e2\u30b8\u30e5\u30fc\u30eb\u8ffd\u52a0\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/AddNewModule.png\")
<\/a>
\n
\n
\n\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u8ffd\u52a0\u3059\u308b\u3068\u3001\u305d\u306e\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u8a2d\u5b9a\u753b\u9762\u306b\u9032\u307f\u307e\u3059\u3002
\namAuthSampleAuth.xml\u3067\u5b9a\u7fa9\u3057\u305f\u8a2d\u5b9a\u9805\u76ee\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002
\n\u4eca\u56de\u306f\u30ed\u30b0\u30a4\u30f3\u30e6\u30fc\u30b6\u540d\u3001\u30ed\u30b0\u30a4\u30f3\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u8a2d\u5b9a\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u307e\u3057\u305f\u306e\u3067\u3001
\n\u305d\u308c\u305e\u308cSynergy\u3001changeit\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n![\"\u30e2\u30b8\u30e5\u30fc\u30eb\u8a2d\u5b9a\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/ModuleSettings.png\")
<\/a>
\n
\n
\n\u6b21\u306b\u3001\u8ffd\u52a0\u3057\u305f\u8a8d\u8a3c\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u5fc5\u9808\u3068\u3059\u308b\u65b0\u898f\u8a8d\u8a3c\u9023\u9396\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
\nChain Name\u306f\u300cSampleAuthChain\u300d\u3068\u3057\u307e\u3059\u3002<\/p>\n![\"\u65b0\u898f\u8a8d\u8a3c\u9023\u9396\u753b\u9762\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/AddNewChain.png\")
<\/a>
\n
\n
\n\u4f5c\u6210\u3057\u305f\u8a8d\u8a3c\u9023\u9396\u306b\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002
\n\u300cSampleAuthModule\u300d\u3092\u9078\u629e\u3057\u3001\u6761\u4ef6\u306f\u300cRequired\u300d\u3068\u3057\u307e\u3059\u3002<\/p>\n![\"\u8a8d\u8a3c\u9023\u9396\u8a2d\u5b9a1\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/SettingChainModule.png\")
<\/a>
\n
\n
\n\u30ed\u30b0\u30a4\u30f3\u5f8c\u306b\u8fd4\u3059URL\u306b\u300chttp:\/\/openam-test.example.com\/sample\/?realm=sample\u300d\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n![\"\u8a8d\u8a3c\u9023\u9396\u8a2d\u5b9a2\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/SampleChainModule2.png\")
<\/a>
\n
\n
\n\u6b21\u306b\u3055\u3063\u304d\u8ffd\u52a0\u3057\u305f\u8a8d\u8a3c\u9023\u9396\u3092\u8a8d\u8a3c\u3067\u4f7f\u7528\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
\n\u7ba1\u7406\u8005\u8a8d\u8a3c\u8a2d\u5b9a\u3001\u7d44\u7e54\u8a8d\u8a3c\u8a2d\u5b9a\u3068\u3082\u306b\u300cSampleAuthChain\u300d\u3092\u9078\u629e\u3057\u307e\u3059\u3002<\/p>\n![\"\u8a8d\u8a3c\u30b3\u30a2\u8a2d\u5b9a\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/AuthCore.png\")
<\/a>
\n
\n <\/p>\n6-2. sample\u30ec\u30eb\u30e0\u306e\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u306e\u8a2d\u5b9a<\/h5>\n
\nPolicy Agent\u306b\u3069\u306e\u3088\u3046\u306a\u632f\u308b\u821e\u3044\u3092\u884c\u308f\u305b\u308b\u304b\u306e\u8a2d\u5b9a\u3092\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n
\n\u4eca\u56de\u306fApache\u306bPolicy Agent\u3092\u7d44\u307f\u8fbc\u307f\u307e\u3059\u306e\u3067\u3001
\nWeb\u30bf\u30d6\u3092\u9078\u629e\u3057\u3066\u3001\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u306e\u65b0\u898f\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u307e\u3059\u3002<\/p>\n![\"\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u8a2d\u5b9aTOP\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/agent_top.png\")
<\/a><\/p>\n
\n
\n\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u65b0\u898f\u767b\u9332\u753b\u9762\u3067\u3001\u4e0b\u8a18\u5185\u5bb9\u3092\u5165\u529b\u3057\u3066\u767b\u9332\u3057\u307e\u3059\u3002<\/p>\n\n
![\"\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u767b\u9332\u753b\u9762\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/addNewAgentSetting.png\")
<\/a><\/p>\n
\n
\n\u4f5c\u6210\u3057\u305f\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u3092\u9078\u629e\u3057\u3066\u8a73\u7d30\u8a2d\u5b9a\u3092\u884c\u3063\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n![\"\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u9078\u629e\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/afterCreateAgent.png\")
<\/a><\/p>\n
\n\u25a0 \u30b0\u30ed\u30fc\u30d0\u30eb\u30bf\u30d6
\n\u300cSSO\u306e\u307f\u30e2\u30fc\u30c9\u300d\u306e\u300c\u6709\u52b9\u300d\u306b\u30c1\u30a7\u30c3\u30af\u3092\u5165\u308c\u307e\u3059\u3002
\n\u300cSSO\u306e\u307f\u30e2\u30fc\u30c9\u300d\u3068\u3044\u3046\u306e\u306f\u3001Policy Agent\u3067\u8a8d\u8a3c\u306e\u307f\u3092\u884c\u306a\u3044\u8a8d\u53ef\u306f\u884c\u308f\u306a\u3044\u3001\u3068\u3044\u3046\u610f\u5473\u3067\u3059\u3002
\n\u3069\u306e\u30e6\u30fc\u30b6\u304c\u3069\u306e\u30ea\u30bd\u30fc\u30b9\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u304b\u3092\u5236\u5fa1\u3057\u307e\u305b\u3093\u3002
\n\uff08\u8a8d\u53ef\u3092\u884c\u306a\u3046\u5834\u5408\u306f\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\u304c\u5fc5\u8981\u3068\u306a\u308a\u307e\u3059\u3002\u8a2d\u5b9a\u65b9\u6cd5\u306f\u3053\u3061\u3089<\/a>\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002\uff09<\/p>\n![\"ssoonlymode\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/ssoonly.png\")
<\/a>
\n
\n
\n\u25a0 \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30bf\u30d6
\nOpenAM\u306e\u30bb\u30c3\u30b7\u30e7\u30f3\u3067\u7ba1\u7406\u3057\u3066\u3044\u308b\u60c5\u5831\u3092\u3001SSO\u5bfe\u8c61\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u5bfe\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8\u306eHTTP\u30d8\u30c3\u30c0\u306bPolicy Agent\u304c\u4ed8\u4e0e\u3059\u308b\u8a2d\u5b9a\u3092\u3057\u307e\u3059\u3002<\/p>\n
\n\u30bb\u30c3\u30b7\u30e7\u30f3\u5c5e\u6027\u30de\u30c3\u30d7\u306e\u8a2d\u5b9a\u7b87\u6240\u3067\u4e0b\u8a18\u5185\u5bb9\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002
\n\u5de6\u5074\u304c\u30bb\u30c3\u30b7\u30e7\u30f3\u3067\u7ba1\u7406\u3057\u3066\u3044\u308b\u30ad\u30fc\u3001\u53f3\u5074\u304cHTTP\u30d8\u30c3\u30c0\u306b\u4ed8\u4e0e\u3059\u308b\u30ad\u30fc\u3067\u3059\u3002<\/p>\n\n
![\"\u30bb\u30c3\u30b7\u30e7\u30f3\u5c5e\u6027\u51e6\u7406\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/sessionToHttpHeader.png\")
<\/a>
\n
\n
\n\u25a0 OpenAM\u30b5\u30fc\u30d3\u30b9\u30bf\u30d6
\n\u30ed\u30b0\u30a4\u30f3\u306eURL\u306b\u300c?realm=sample\u300d\u3092\u4ed8\u4e0e\u3057\u307e\u3059\u3002<\/p>\n![\"\u30ed\u30b0\u30a4\u30f3URL\u5909\u66f4\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/login_url_modify.png\")
<\/a><\/p>\n
\n\u30ed\u30b0\u30a2\u30a6\u30c8\u306eURL\u306b\u3082\u300c?realm=sample\u300d\u3092\u4ed8\u4e0e\u3057\u307e\u3059\u3002
\n![\"\u30ed\u30b0\u30a2\u30a6\u30c8URL\u5909\u66f4\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/logout_url_modify.png\")
<\/a><\/p>\n7. Policy Agent\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h4>\n
\n\u30bb\u30c3\u30b7\u30e7\u30f3\u5c5e\u6027\u3092HTTP\u30d8\u30c3\u30c0\u306b\u30bb\u30c3\u30c8\u3057\u3066\u304f\u308c\u306a\u3044\u4e0d\u5177\u5408<\/a>\u304c\u3042\u308b\u3088\u3046\u306a\u306e\u3067\u3001
\n\u4eca\u56de\u306f\u30d0\u30fc\u30b8\u30e7\u30f33.3.0\uff08Apache-v2.4-Linux-64-Agent-3.3.0.zip\uff09\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u307e\u3057\u305f\u3002<\/p>\n
\n\uff08\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u65b9\u5f0f\u3067\u3042\u308c\u3070\u3001SSO\u5bfe\u8c61\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30b5\u30fc\u30d0\u5074\u306bPolicy Agent\u3092\u7d44\u307f\u8fbc\u3080\u5f62\u3068\u306a\u308a\u307e\u3059\u3002\uff09<\/p>\n\r\nyum install httpd\r\n<\/pre>\n
\r\n# cd \/etc\/httpd\r\n# unzip \/path\/to\/Apache_v24_Linux_64bit_4.0.0.zip\r\n<\/pre>\n
\r\n# systemctl stop httpd\r\n<\/pre>\n
\r\n# cd web_agents\/apache24_agent\/bin\r\n# echo [\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u4f5c\u6210\u6642\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3002\u3053\u3053\u3067\u306fopenam02] > password.txt\r\n# chmod 400 password.txt\r\n# .\/agentadmin --install\r\n\r\n[Press
\nPolicy Agent\u304c\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u30c8\u30c3\u30d7\u30ec\u30d9\u30eb\u306e\u30ec\u30eb\u30e0\u3092\u53c2\u7167\u3059\u308b\u8a2d\u5b9a\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u306e\u3067\u3001
\nOpenSSOAgentBootstrap.properties\uff08\u79c1\u306e\u74b0\u5883\u3067\u306f\/etc\/httpd\/web_agents\/apache24_agent\/Agent_001\/config\/OpenSSOAgentBootstrap.properties\uff09\u306e\u4e0b\u8a18\u306e\u884c\u3092\u7de8\u96c6\u3057\u3066\u3001
\n\u4f5c\u6210\u3057\u305fsample\u3068\u3044\u3046\u30ec\u30eb\u30e0\u3092\u53c2\u7167\u3059\u308b\u3088\u3046\u306b\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n\r\ncom.sun.identity.agents.config.organization.name = sample\r\n<\/pre>\n
8. \u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u8a2d\u5b9a<\/h4>\n
\nOpenAM\u30b5\u30fc\u30d0\u306ehttpd.conf\u306b\u4ee5\u4e0b\u306e\u8a2d\u5b9a\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n\r\n
\r\nsystemctl start http\r\n<\/pre>\n
\u52d5\u4f5c\u78ba\u8a8d<\/h2>\n
\n\u4e0b\u8a18\u5185\u5bb9\u3092SSO\u5bfe\u8c61\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30b5\u30fc\u30d0\u5074\u306eApache\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u30eb\u30fc\u30c8\u306bindex.php\u3068\u3057\u3066\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/p>\n\r\n\";\r\nforeach (getallheaders() as $key => $value) {\r\n echo \"$key: $value
\";\r\n}\r\n?>\r\n<\/pre>\n
\nPolicy Agent\u304c\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u691c\u77e5\u3057\u3066\u3001OpenAM\u306b\u8a8d\u8a3c\u3055\u308c\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u30c1\u30a7\u30c3\u30af\u3057\u3001
\n\u8a8d\u8a3c\u3055\u308c\u3066\u3044\u306a\u3044\u305f\u3081\u3001OpenAM\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3055\u308c\u307e\u3059\u3002<\/p>\n![\"\u30ed\u30b0\u30a4\u30f3\u753b\u9762\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/sample_login_screen.png\")
<\/a><\/p>\n
\nOpenAM\u306b\u3088\u3063\u3066\u8a8d\u8a3c\u5f8c\u3001\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u5148\u306eSSO\u5bfe\u8c61\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3055\u308c\u307e\u3059\u3002<\/p>\n![\"\u30ed\u30b0\u30a4\u30f3\u6210\u529f\"](\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2016\/12\/login_success.png\")
<\/a><\/p>\n
\nHTTP\u30d8\u30c3\u30c0\u306e\u4e00\u89a7\u304c\u51fa\u529b\u3055\u308c\u3066\u304a\u308a\u3001
\nCUSTOM-sample-username\u3068CUSTOM-sample-organization\u304cPolicy Agent\u306b\u3088\u3063\u3066\u4ed8\u4e0e\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u5206\u304b\u308a\u307e\u3059\u3002
\niPlanetDirectoryPro=xxxx\u3068\u3044\u3046\u306e\u304c\u8a8d\u8a3cCookie\u30ad\u30fc\u3067\u3001
\nPolicy Agent\u306f\u3053\u308c\u306e\u6709\u7121\u3092\u30c1\u30a7\u30c3\u30af\u3057\u3001\u6709\u308c\u3070OpenAM\u306b\u554f\u3044\u5408\u308f\u305b\u3057\u3066\u6709\u52b9\u306a\u5024\u3067\u3042\u308b\u304b\u3069\u3046\u304b\u3092\u30c1\u30a7\u30c3\u30af\u3057\u3066\u3044\u308b\u3088\u3046\u3067\u3059\u3002<\/p>\n\u7d42\u308f\u308a\u306b<\/h2>\n
\nOpenAM\u306f\u3001\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u65b9\u5f0f\u4ee5\u5916\u306b\u3082SAML(Security Assertion Markup Language)\u3084OpenID Connect\u306b\u5bfe\u5fdc\u3057\u3066\u304a\u308a\u3001\u307e\u305f\u8981\u4ef6\u306b\u5408\u308f\u305b\u305f\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u3082\u53ef\u80fd\u3067\u3059\u3002
\n\u500b\u4eba\u7684\u306b\u306f\u6642\u9593\u304c\u3042\u308c\u3070OpenID Connect\u306e\u8a2d\u5b9a\u3082\u8a66\u3057\u3066\u307f\u305f\u3044\u306a\u3068\u601d\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u7d9a\u304d\u3092\u8aad\u3080...<\/a><\/p>\n","protected":false},"author":40,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[239],"tags":[141],"_links":{"self":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/13361"}],"collection":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/comments?post=13361"}],"version-history":[{"count":52,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/13361\/revisions"}],"predecessor-version":[{"id":13652,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/13361\/revisions\/13652"}],"wp:attachment":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/media?parent=13361"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/categories?post=13361"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/tags?post=13361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}