cfv2 user account and authorization

© 2013 NTT Software Innovation Center. On authentication and authorization. Ken Ojiri, NTT Software Innovation Center

Upload: ken-ojiri

Post on 15-Jun-2015

TRANSCRIPT

  • 1. NTT Software Innovation Center 2013 NTT Software Innovation Center

  • 2. @kenojiri CF8 : @http://www.aozora.gr.jp/index_pages/person1562.html 9/25 2334g3200g

  • 3. http://docs.cloudfoundry.com/docs/running/architecture/

  • 4. UAA (User Account and Authentication Service) CCngUAA UAA CCng UAAUAADBCCngCCDB UAACCngWebAPIDB CCngUAA ACMSCIM UAA() SCIM: Simple Cloud Identity Management OAuth2OpenID Connect UAAJava with SpringSecurity SpringSecurityOAuth2OpenID ConnectEndpoint UAA FilterController

  • 5. UAAAPI
      / OpenID Connect / OAuth2
        GET /login
        POST /login.do
        POST /logout.do
        POST /oauth/token
        (GET|POST) /oauth/authorize
        GET /oauth/authorize/confirm_access
        GET /userinfo
        GET /token_key
        POST /check_token
        POST /check_id
        GET /oauth/users/(:username|:client_id)/tokens
        DELETE /oauth/users/(:username|:client_id)/tokens/:jti
      SCIM(=)
        (GET|POST) /Users
        (PUT|DELETE) /Users/:id
        PUT /Users/:id/password
        GET /Groups
        POST /Group
        (PUT|DELETE) /Group/:id
      client
        GET /oauth/clients
        (GET|POST|PUT|DELETE) /oauth/clients/:client_id
        PUT /oauth/clients/:client_id/secret
      API
        GET /varz
        POST /password/score
        GET /varz/:domain
      https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-API.rst

  • 6. cfUAA API
      / OpenID Connect / OAuth2
        GET /login
        POST /login.do
        POST /logout.do
        POST /oauth/token
        (GET|POST) /oauth/authorize
        GET /oauth/authorize/confirm_access
        GET /userinfo
        GET /token_key
        POST /check_token
        POST /check_id
        GET /oauth/users/(:username|:client_id)/tokens
        DELETE /oauth/users/(:username|:client_id)/tokens/:jti
      SCIM(=)
        (GET|POST) /Users
        (PUT|DELETE) /Users/:id
        PUT /Users/:id/password
        GET /Groups
        POST /Group
        (PUT|DELETE) /Group/:id
      client
        GET /oauth/clients
        (GET|POST|PUT|DELETE) /oauth/clients/:client_id
        PUT /oauth/clients/:client_id/secret
      API
        GET /varz
        POST /password/score
        GET /varz/:domain
      https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-API.rst

  • 7. cf login UAAtoken uaac token client get UAAtoken access_token access_tokenAPI scope scopeAND
      (1)(API) UAADBoauth_client_details UAAclientAPI
      (2) UAADBgroupsgroup_membership UAASCIMAPI

  • 8. uaac UAAAPIcf APICLI API(cf) (=)API clientAPI tokenAPI(tokentoken)etcrubygems
      $ gem install cf-uaac

  • 9. cf APIuaaAPIccapp API(scope) web app API APIuaa cc API(scope)uaaAPIcc

  • 10. API UAACCngaccess_tokenscope
      1) UAAAPI (POST /Users) scim.writescopeaccess_token
      2) CCngorganizationAPI (PUT /v2/organization/:id) cloud_controller.adminscopeaccess_token
      3) CCngpushAPI (POST /v2/apps) cloud_controller.writescopeaccess_token
      CF CCngCCDB) spacepushspace organization

  • 11. cfuaac-t (trace) HTTP req /res CCngtoken /oauth /tokengrepuaacUAADB users groups group_membership oauth_client_details