Downloaded 33 times
More Related Content
Similar to Azure AD による Web API の 保護
![[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装](https://cdn.slidesharecdn.com/ss_thumbnails/sc04-170614044153-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 006](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec006-171116035456-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 009](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec009-171116035457-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 005](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec005-171116035502-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Japan Tech summit 2017] SEC 010](https://cdn.slidesharecdn.com/ss_thumbnails/techsummit2017pdfsec010-171127040527-thumbnail.jpg?width=640&height=640&fit=bounds)
Azure AD による Web API の 保護
- 1.
- 2.
- 4.
- 6.
- 7.
- 8.
- 10.
- 12.
- 14.
- 15.
- 17. ③ ユーザーIDやロールによって APIに対する権限を変えたい
- 18.
- 19.
- 20. • validate-jwt :JWT を検証して操作を承認する RS256 署名アルゴリズム ー OpenID 構成エンドポイントからキーを受け取る • 認証ポリシー https://docs.microsoft.com/ja-jp/azure/api-management/api-management-policy-reference
- 21. <policies> <inbound> <base /> <rewrite-uri template="/HttpTriggerPowerShell1?code=TvXkdY2WKsev/wFxxxxx==&name={username}"/> </inbound> <backend> <base /> </backend> <outbound> <base /> </outbound> <on-error> <base /> </on-error> </policies>
- 22. ・・・・ <inbound> <base /> <rewrite-uri template="/HttpTriggerPowerShell1?code=TvXkdY2WKsev/wFxxxxx==&name={username}"/> <validate-jwt failed-validation-error-message="Unauthorized. Access token is missing or invalid." failed-validation-httpcode="401" header-name="Authorization"> <openid-config url=“https://login.microsoftonline.com/テナントURL/.well-known/openid-configuration" /> <audiences> <audience>チェックしたいアプリケーションのクライアントID</audience> </audiences> <required-claims> <claim name=“チェックしたいクレーム名" match="all"> <value>クレーム内の値</value> </claim> </required-claims> </validate-jwt> <inbound> ・・・・
- 23. <validate-jwt failed-validation-error-message="Unauthorized. Accesstoken is missing or invalid." failed-validation-httpcode="401" header-name="Authorization"> <openid-config url="https://login.microsoftonline.com/pharaojp.onmicrosoft.com/.well-known/openid- configuration" /> <audiences> <audience>e55757f2-92ba-4422-8aa1-2ed25cbeece2</audience> </audiences> <required-claims> <claim name="name" match="all"> <value>admin</value> </claim> </required-claims> </validate-jwt>
- 25.
- 27.
- 28.
- 29.
- 30.
- 31. Weibo QQ WeChat a preview Identity Experience Framework •SAML 2.0 • OAuth 2.0 • OIDC Preview Identity Experience Framework • SAML 2.0 • OAuth 2.0 • OIDC Preview
- 35.
- 37.
- 41.
- 42.