Sun Java[TM] System Identity Manager 7.1 Administration
Chapter 10
Security
This chapter provides information about Identity Manager security features, and details the steps you can take to further reduce security risks.
Review the following topics to learn more about managing system security with Identity Manager.
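Security Features
Identity Manager helps reduce security risks by providing the following features:
- Instant disabling of account access - Identity Manager lets you disable access rights for organizations or individuals with a single action.
- Login session limitations - You can set limits on concurrent login sessions.
- Active risk analysis - Identity Manager constantly scans for security risks such as inactive accounts and suspicious password activity.
- Comprehensive password management - Complete and flexible password management capabilities ensure complete access control.
- Auditing and reporting to monitor access activities - You can run a full range of reports to deliver targeted information on access activities. (See Chapter 7, "Reporting," for more information on reporting features.)
- Granular administrative privilege control - You can grant and manage administrative control in Identity Manager by assigning a single capability to a user, or by assigning a range of administrative duties defined through administrator roles.
- Server key encryption - Identity Manager lets you create and manage server encryption keys through the [Tasks] area.
In addition, the system architecture seeks to reduce security risks wherever possible. For example, once you log out, you cannot access previously visited pages through the browser's [Back] feature.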
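Limiting Concurrent Login Sessions
By default, an Identity Manager user can have concurrent login sessions. However, you can limit concurrent sessions to one per login application by changing the value of the security.authn.singleLoginSessionPerApp configuration attribute in the system configuration object. This attribute is an object that contains one attribute for each login application name (for example, the Administrator Interface, the User Interface, or the Identity Manager IDE). Changing the value of this attribute to true enforces a single login session for each user.
If enforced, a user can log in to more than one session; however, only the last logged-in session remains active and valid. If the user performs an action on an invalid session, the user is automatically forced out of that session and the session terminates.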
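Password Management
Identity Manager offers password management at multiple levels:
Pass-Through Authentication
Use pass-through authentication to grant user and administrator access through one or more different passwords. Identity Manager manages authentication through implementation of:
About Login Applications
Login applications define a collection of login module groups, which further define the set and order of login modules that are used when a user logs in to Identity Manager. Each login application comprises one or more login module groups.
At login, the login application checks its set of login module groups. If only one login module group is set, that group is used, and the login modules it contains are processed in the order defined by the group. If the login application has more than one defined login module group, Identity Manager checks the login constraint rules applied to each login module group to determine which group to process.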
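Login Constraint Rules
Login constraint rules are applied to the login module groups defined in a login application. For each set of login module groups in a login application, only one group cannot have a login constraint rule applied to it.
When determining which login module group of a set to process, Identity Manager evaluates the constraint rule of the first login module group. If it succeeds, that login module group is processed. If it fails, Identity Manager evaluates each login module group in turn, until a constraint rule succeeds or a login module group with no constraint rule is evaluated (and subsequently used).
Note
If a login application contains more than one login module group, the login module group with no login constraint rule should be placed in the last position of the set.
Example Login Constraint Rule
In the following example of a location-based login constraint rule, the rule gets the IP address of the requester from the header, and then checks whether it is located on the 192.168 network. If 192.168. is found in the IP address, the rule returns a value of true, and this login module group is selected.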
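The check described above, written out in Python next to a stricter variant that parses the address before testing it. This is an added example, not the product's rule; the function names, the stricter network test and the sample header values are assumptions constructed for illustration.

```python
import ipaddress

LOCAL_NET = ipaddress.ip_network("192.168.0.0/16")

def substring_rule(remote_addr):
    """The test as the text describes it: true if '192.168.' occurs in the address."""
    return "192.168." in remote_addr

def network_rule(remote_addr):
    """Stricter variant (assumption, not the product's rule): parse the value and
    test membership in 192.168.0.0/16; anything unparseable is rejected."""
    try:
        addr = ipaddress.ip_address(remote_addr.strip())
    except ValueError:
        return False
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped      # ::ffff:a.b.c.d carries an IPv4 address
    return addr in LOCAL_NET

# Constructed sample values, as they might arrive in a request header.
SAMPLES = [
    "192.168.10.7",                  # on the local network
    "10.192.168.5",                  # '192.168.' appears, but not as the prefix
    "8.8.8.8",                       # unrelated address
    "::ffff:192.168.1.20",           # IPv4-mapped IPv6 form of a local address
    "192.168.1.20, 203.0.113.9",     # a list of addresses, not a single address
    "192.168.1.300",                 # not a valid IPv4 address
]

def disagreements(values):
    """Values for which the two rules select the login module group differently."""
    return [v for v in values if substring_rule(v) != network_rule(v)]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:32} substring={substring_rule(value)} network={network_rule(value)}")
```
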
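Editing Login Applications
From the menu bar, select [Configure], and then select [Login] to access the [Login] page.
The login application list shows:
From the [Login] page, you can:
To edit a login application, select it from the list.
Setting Identity Manager Session Limits
From the [Modify Login Application] page, you can set a timeout value (limit) for each Identity Manager login session. Select hours, minutes, and seconds, and then click [Save]. The limits you establish are displayed in the login application list.
You can set a session timeout for each Identity Manager login application. When a user logs in to an Identity Manager application, the currently configured session timeout value is used to calculate the future date and time at which the user's session will time out due to inactivity. The calculated date is then stored with the user's Identity Manager session so that it can be checked each time a request is made.
If a login administrator changes the session timeout value of a login application, that value is in effect for all future logins. Existing sessions time out based on the value that was in effect when the user logged in.
Values set for the http timeout affect all Identity Manager applications, and take precedence over the login application session timeout value.
Disabling Access to Applications
From the [Create Login Application] and [Modify Login Application] pages, you can select the [Disable] option to disable a login application, thereby preventing users from logging in. If a user tries to log in to a disabled application, the interface redirects the user to an alternate page indicating that the application is currently disabled. You can edit the message that is displayed on this page by editing the custom catalog.
Login applications remain disabled until you deselect the option. As a safeguard, you cannot disable administrator login.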
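Editing Login Module Groups
The login module group list shows:
From the [Login Module Groups] page, you can create, edit, and delete login module groups. Select one of the login module groups from the list to edit it.
Editing Login Modules
Enter details or make selections for login modules as follows. (Not all options are available for each login module.)
- Login success requirement - Select a requirement that applies to this module. Selections are:
  - Required - The login module is required for authentication to succeed. Regardless of whether authentication succeeds or fails, the authentication process proceeds to the next login module in the list. If it is the only login module, the administrator is successfully logged in.
  - Requisite - The login module is required for authentication to succeed. If authentication succeeds, the authentication process proceeds to the next login module in the list. If it fails, authentication does not proceed.
  - Sufficient - The login module is not required for authentication to succeed. If authentication succeeds, the authentication process does not proceed to the next login module, and the administrator is successfully logged in. If authentication fails, it continues with the next login module in the list.
  - Optional - The login module is not required for authentication to succeed. Regardless of whether authentication succeeds or fails, the authentication process continues with the next login module in the list.
- Login search attributes - (LDAP only) Specify an ordered list of LDAP user attribute names to be used when attempting to bind (log in) to the associated LDAP server. Each of the specified LDAP user attributes, together with the login name specified by the user, is used (in order) to search for a matching LDAP user. When Identity Manager is configured to pass through to LDAP, this allows a user to log in to Identity Manager with an LDAP cn or email address.
- Login correlation rule - Select a login correlation rule to be used for mapping the login information provided by the user to an Identity Manager user. This rule lets you search for an Identity Manager user with the logic specified in the rule. The rule must return a list of one or more AttributeConditions, which is used to search for the matching Identity Manager user. The rule you select must have the LoginCorrelationRule authType.
- New user name rule - Select the new user name rule to be used when new Identity Manager users are created automatically during the login process.
Click [Save] to save the login module. Once it is saved, you can place the module relative to all other modules in the login module group.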
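Caution
If Identity Manager login is configured to authenticate to more than one system, the user ID and password of an account should be the same on all systems that are targets of Identity Manager authentication.
If the user ID and password combinations differ, login fails on each system whose user ID and password do not match those entered on the Identity Manager [User Login] form. Some of these systems may have a lockout policy that locks an account after a specified number of failed login attempts; on these systems, the user account is eventually locked, even though the user continues to log in successfully through Identity Manager.
Configuring Authentication for Common Resources
If you have more than one resource that is physically or logically the same (for example, two resources defined for the same physical host, or several resources that represent trusted domain servers in an NT or AD domain environment), you can specify that set of resources as common resources in the system configuration object.
After establishing resources as common, you can let a user authenticate to one of the common resources, but use another of the common resources to map the user to the associated Identity Manager user. For example, a user may have a resource account for resource AD-1 linked to his Identity Manager user. The login module group may define that users must authenticate to resource AD-2. If AD-1 and AD-2 are defined as common resources (in this case, they are in the same trusted domain), then when the user successfully authenticates to AD-2, Identity Manager can map to the associated Identity Manager user by finding a user with the same accountId on resource AD-1.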
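The four success requirements listed above, worked through for an ordered login module group. This is an added example in Python, not Identity Manager code; the module names, the sample outcomes and the overall pass/fail rule (taken from the JAAS convention for the same four flags) are assumptions.

```python
from enum import Enum

class Flag(Enum):
    REQUIRED = "Required"
    REQUISITE = "Requisite"
    SUFFICIENT = "Sufficient"
    OPTIONAL = "Optional"

def evaluate_group(modules):
    """modules: ordered list of (name, Flag, succeeded).
    Returns (login_ok, names of the modules that were actually run)."""
    ran = []
    mandatory_seen = mandatory_failed = any_success = False
    for name, flag, succeeded in modules:
        ran.append(name)
        any_success = any_success or succeeded
        if flag in (Flag.REQUIRED, Flag.REQUISITE):
            mandatory_seen = True
            if not succeeded:
                mandatory_failed = True
                if flag is Flag.REQUISITE:
                    break        # Requisite failed: authentication does not proceed
        elif flag is Flag.SUFFICIENT and succeeded:
            break                # Sufficient succeeded: later modules are skipped
    # Assumed overall rule (JAAS convention): every Required/Requisite module that
    # ran must have succeeded; if none ran, at least one module must have succeeded.
    login_ok = not mandatory_failed and (mandatory_seen or any_success)
    return login_ok, ran

# Constructed module groups: (module name, success requirement, did it authenticate?)
CHAINS = {
    "fallback": [("LDAP", Flag.SUFFICIENT, False),
                 ("Identity Manager user ID/password", Flag.REQUIRED, True)],
    "gate":     [("X509 certificate", Flag.REQUISITE, False),
                 ("Identity Manager user ID/password", Flag.REQUIRED, True)],
    "shortcut": [("X509 certificate", Flag.SUFFICIENT, True),
                 ("Identity Manager user ID/password", Flag.REQUIRED, False)],
    "required": [("AD", Flag.REQUIRED, False),
                 ("Identity Manager user ID/password", Flag.OPTIONAL, True)],
}

if __name__ == "__main__":
    for label, chain in CHAINS.items():
        ok, ran = evaluate_group(chain)
        print(f"{label:9} login_ok={ok} ran={ran}")
```
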
The format for specifying this system configuration object attribute is shown in the following example:
Code Example 10-2 Configuring Authentication for Common Resources
<Attribute name='common resources'>
  <Attribute name='Common Resource Group Name'>
    <List>
      <String>Common Resource Name</String>
      <String>Common Resource Name</String>
    </List>
  </Attribute>
</Attribute>
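Configuring X509 Certificate Authentication
Use the following information and procedures to configure X509 certificate authentication for Identity Manager.
Prerequisites
To support X509 certificate-based authentication in Identity Manager, make sure that two-way (client and server) SSL authentication is configured correctly. From the client perspective, this means that a user certificate that complies with the X509 specification should have been imported into the browser (or be available through a smart card reader), and that the trusted certificate used to sign the user certificate should have been imported into the trusted certificate keystore of the Web application server.
In addition, the client certificate that is used must be selected for client authentication. To verify this: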
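Configuring X509 Certificate Authentication in Identity Manager
To configure Identity Manager for X509 certificate authentication:
- Log in to the [Administrator Interface] as [Configurator] (or with equivalent permissions).
- Select [Configure], and then select [Login] to display the [Login] page.
- Click [Manage Login Module Groups] to display the [Login Module Groups] page.
- Select a login module group from the list.
- Select [Identity Manager X509 Certificate Login Module] from the [Assign Login Module...] list. Identity Manager displays the [Modify Login Module] page.
- Set the login success requirement. Acceptable values are:
  - Required - The login module is required for authentication to succeed. Regardless of whether authentication succeeds or fails, the authentication process proceeds to the next login module in the list. If it is the only login module, the administrator is successfully logged in.
  - Requisite - The login module is required for authentication to succeed. If authentication succeeds, the authentication process proceeds to the next login module in the list. If it fails, authentication does not proceed.
  - Sufficient - The login module is not required for authentication to succeed. If authentication succeeds, the authentication process does not proceed to the next login module, and the administrator is successfully logged in. If authentication fails, it continues with the next login module in the list.
  - Optional - The login module is not required for authentication to succeed. Regardless of whether authentication succeeds or fails, the authentication process continues with the next login module in the list.
- Select a login correlation rule. This rule can be a built-in rule or a custom correlation rule. (See the following section for information about creating custom correlation rules.)
- Click [Save] to return to the [Modify Login Module Group] page.
- Optionally, reorder the login modules (if more than one login module is assigned to the login module group), and then click [Save].
- If it is not yet assigned, assign the login module group to a login application. On the [Login Module Groups] page, click [Return to Login Applications], and then select a login application. After assigning the login module group to the application, click [Save].
Note
If the allowLoginWithNoPreexistingUser option in the waveset.properties file is set to a value of true, then when you configure the Identity Manager X509 Certificate Login Module, the system prompts you to select a [New User Name Rule]. This rule is used to determine how to name the new user that is created when the associated login correlation rule does not find a user. The input arguments available to the [New User Name Rule] are the same as those of the [Login Correlation Rule]. It returns a single string, which becomes the user name used to create the new Identity Manager user account. A sample new user name rule is included in idm/sample/rules, named NewUserNameRules.xml.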
Creating and Importing a Login Configuration Rule
The Identity Manager X509 Certificate Login Module uses a login correlation rule to determine how to map the certificate data to the appropriate Identity Manager user. Identity Manager includes one built-in correlation rule, named Correlate via X509 Certificate subjectDN.
You can also add your own correlation rules. Each correlation rule must follow these guidelines:
- Its authType attribute must be set to LoginCorrelationRule. (Set authType='LoginCorrelationRule' in the <LoginCorrelationRule> element.)
- It is expected to return an instance of a list of AttributeConditions, which the login module uses to find the associated Identity Manager user. For example, the login correlation rule might return an AttributeCondition that searches for the associated Identity Manager user by email address.
Arguments passed to login configuration rules are:
The naming convention for the certificate arguments passed to the login correlation rule is:
cert.field name.subfield name
Examples of argument names that are available to the rule are:
The login configuration rule, using the passed-in arguments, returns a list of one or more AttributeConditions. The [Identity Manager X509 Certificate Login Module] uses this list to find the associated Identity Manager user.
A sample login correlation rule is included in idm/sample/rules, named LoginCorrelationRules.xml.
After creating a custom correlation rule, you must import it into Identity Manager. From the [Administrator Interface], select [Configure], and then select [Import Exchange File] to use the file import facility.
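Testing the SSL Connection
To test the SSL connection, connect over SSL to the URL of the configured application interface (for example, https://idm007:7002/idm/user/login.jsp). You are notified that you are entering a secure site, and are then prompted to specify which personal certificate to send to the Web server.
Diagnosing Problems
Authentication problems that arise with X509 certificates are reported as error messages on the login form. For more complete diagnostics, enable tracing on the Identity Manager server for the following classes and levels:
If the name of the client certificate attribute in the http request is not javax.servlet.request.X509Certificate, you receive a message indicating that this attribute cannot be found in the http request. To correct this problem:
You may also need to remove, and then re-add, the Identity Manager X509 Certificate Login Module in the login application.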
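Cryptographic Use and Management
Cryptography is used to ensure the confidentiality and integrity of server data in memory and in the repository, as well as of all data transmitted between the server and the gateway.
The following sections provide more information about how cryptography is used and managed in the Identity Manager server and gateway, and answer questions about server and gateway encryption keys.
Cryptographically Protected Data
The following table shows the types of data that are cryptographically protected in the Identity Manager product, including the ciphers used to protect each type of data.
Table 10-1 Cryptographically Protected Data Types
Columns: Data Type; RSA MD5; NIST Triple DES 168-bit key (DESede/ECB/NoPadding); PKCS#5 password-based encryption 56-bit key (PBEwithMD5andDES)
- Server encryption keys: default; configuration option (1)
- Gateway encryption keys: default; configuration option (1)
- Policy dictionary words: yes
- User passwords: yes
- User password history: yes
- User answers: yes
- Resource passwords: yes
- Resource password history: yes
- All payload between the server and gateways: yes
(1) Configured through the pbeEncrypt attribute in the system configuration object or through the [Manage Server Encryption] task.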
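Server Encryption Key Questions and Answers
Read the following sections for answers to frequently asked questions about the source, location, maintenance, and use of server encryption keys.
Where do server encryption keys come from?
Server encryption keys are symmetric, triple-DES 168-bit keys. The server supports two types of keys:
Where are server encryption keys maintained?
Server encryption keys are objects maintained in the repository. There can be many data encryption keys in any given repository.
How does the server know which key to use for decryption and re-encryption of encrypted data?
Each piece of encrypted data stored in the repository is prefixed with the ID of the server encryption key that was used to encrypt it. When an object containing encrypted data is read into memory, Identity Manager decrypts with the server encryption key associated with the ID prefix on the encrypted data, and then re-encrypts with the same key (if the data has changed).
How do I update server encryption keys?
Identity Manager provides a task named "Manage Server Encryption." This task allows an authorized security administrator to perform several key management tasks, including:
See "Manage Server Encryption" in this chapter for more information about how to use this task.
What happens to existing encrypted data if the "current" server key is changed?
Nothing. Existing encrypted data is still decrypted or re-encrypted with the key referenced by the ID prefix on the encrypted data. If a new server encryption key is generated and set as the "current" key, any new data to be encrypted uses that server key.
To avoid multi-key issues, and to maintain a higher level of data integrity, use the [Manage Server Encryption] task to re-encrypt all existing encrypted data with the "current" server encryption key.
What happens when you import encrypted data for which no encryption key is available?
If you import an object containing encrypted data into a repository, but the key used to encrypt that data is not in this repository, the data is still imported, but cannot be decrypted.
How are server keys protected?
If the server is not configured to use password-based encryption (PBE) - PKCS#5 encryption (set in the system configuration object through the pbeEncrypt attribute or the [Manage Server Encryption] task), the default key is used to encrypt the server keys. The default key is the same for all installations of Identity Manager.
If the server is configured to use PBE encryption, a PBE key is generated each time the server is started. The PBE key is generated by providing a password (generated from a server-specific secret) to the PBEwithMD5andDES cipher. The PBE key is maintained only in memory and is never persisted. In addition, the PBE key is the same for all servers that share a common repository.
To enable PBE encryption of server keys, the PBEwithMD5andDES cipher must be available. By default, Identity Manager does not include this cipher, but the cipher follows the PKCS#5 standard, which is provided in many JCE provider implementations (for example, those provided by Sun and IBM).
Can I export the server keys for safe external storage?
Yes. If the server keys are PBE encrypted, then before they are exported they are decrypted and re-encrypted with the default key. This allows them to be imported later into the same server or a different server, independent of the local server PBE key. If the server keys are encrypted with the default key, no pre-processing is needed before export.
After the keys are imported into a server, if that server is configured to use PBE keys, the keys are decrypted. Then, if that server is configured to use PBE key encryption, the keys are re-encrypted with the local server's PBE key.
What data is encrypted between the server and the gateway?
All data (payload) transmitted between the server and the gateway is triple-DES encrypted with a randomly generated, symmetric 168-bit key for each server-gateway session.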
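Gateway Key Questions and Answers
Read the following sections for answers to frequently asked questions about gateway source, storage, distribution, and protection.
Where do the gateway keys used to encrypt or decrypt data come from?
Each time an Identity Manager server connects to a gateway, the initial handshake generates a new random 168-bit triple-DES session key. This key is used to encrypt or decrypt all subsequent data transmitted between that server and that gateway. The session key generated for each server/gateway pair is unique.
How are gateway keys distributed to the gateways?
Session keys are randomly generated by the server, and then securely exchanged between the server and the gateway by encrypting the session key with the shared secret master key as part of the initial server-to-gateway handshake.
At initial handshake time, the server queries the gateway to determine the mode that the gateway supports. The gateway can operate in two modes:
- Default mode - The initial server-to-gateway protocol handshake is encrypted with the default 168-bit triple-DES key, which is compiled into the server code.
- Secure mode - A random 168-bit triple-DES gateway key is generated for each shared repository, and is communicated between the server and the gateway as part of the initial handshake protocol. This gateway key is stored in the server repository like other encryption keys, and is also stored in the gateway's local registry.
When a server contacts a gateway in secure mode, the server encrypts test data with the gateway key and sends it to the gateway. The gateway then attempts to decrypt the test data, adds some gateway-unique data to the test data, re-encrypts the data, and returns it to the server. If the server can successfully decrypt the test data and the gateway-unique data, the server generates the server-gateway unique session key, encrypts it with the gateway key, and sends it to the gateway. After receiving it, the gateway decrypts the session key and retains it for use during the server-to-gateway session. If the server cannot successfully decrypt the test data and the gateway-unique data, the server encrypts the gateway key with the default key and sends it to the gateway. The gateway decrypts the gateway key with its compiled-in default key, and stores the gateway key in its registry. The server then encrypts the server-gateway unique session key with the gateway key and sends it to the gateway for use during the server-to-gateway session.
From that point on, the gateway accepts requests only from servers that have encrypted the session key with its gateway key. At startup, the gateway checks the registry for a key. If there is one, it is used. If there is none, the default key is used. After the gateway has a key set in the registry, it no longer allows sessions to be established with the default key. This prevents someone from setting up a rogue server and establishing a connection to the gateway.
Can I update the gateway key used to encrypt or decrypt the server-to-gateway payload?
Identity Manager provides a task named "Manage Server Encryption," which allows an authorized security administrator to perform several key management tasks, including generating a new "current" gateway key and updating all gateways with that "current" gateway key. This is the key used to encrypt each session key (which protects all payload transmitted between the server and the gateway). Depending on the value of the pbeEncrypt attribute in the system configuration, the newly generated gateway key is encrypted with either the default key or the PBE key.
Where are gateway keys stored on the server and on the gateway?
On the server, the gateway key is stored in the repository, just like server keys. On the gateway, the gateway key is stored in a local registry key.
How are gateway keys protected?
Gateway keys are protected in the same way as server keys. If the server is configured to use PBE encryption, the gateway key is encrypted with a PBE-generated key. If the option is False, it is encrypted with the default key. See the earlier section titled "How are server keys protected?" for more information.
Can I export the gateway key for safe external storage?
The gateway key can be exported through the "Manage Server Encryption" task, just as server keys are exported. See the earlier section titled "Can I export the server keys for safe external storage?" for more information.
How are server and gateway keys destroyed?
Server and gateway keys are destroyed by deleting them from the server repository. Note that a key should not be deleted as long as any server data is still encrypted with that key, or any gateway still relies on that key. Use the "Manage Server Encryption" task to re-encrypt all server data with the current server key, and to synchronize the current gateway key with all gateways, to ensure that no old key is still in use before any old key is deleted.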
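How the key ID prefix described in the server key answers drives decryption, re-encryption and the decision that an old key can be deleted, as a short Python model. This is an added example, not Identity Manager code: the `KEY-n:` record layout, key IDs and sample values are constructed, and an HMAC-SHA256 keystream stands in for triple-DES.

```python
import hashlib
import hmac
import os

def _xor_stream(key, nonce, data):
    """Stand-in cipher (HMAC-SHA256 keystream); not 3DES and not the product's code."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

class KeyStore:
    def __init__(self):
        self.keys = {}        # key ID -> key bytes (the repository's key objects)
        self.current = None   # ID of the "current" key used for new data

    def generate_current(self, key_id):
        self.keys[key_id] = os.urandom(32)
        self.current = key_id

    def encrypt(self, text):
        nonce = os.urandom(8)
        body = nonce + _xor_stream(self.keys[self.current], nonce, text.encode())
        return f"{self.current}:{body.hex()}"     # value is prefixed with the key ID

    def decrypt(self, stored):
        key_id, body = stored.split(":", 1)
        if key_id not in self.keys:
            return None       # imported data whose key is absent stays encrypted
        raw = bytes.fromhex(body)
        return _xor_stream(self.keys[key_id], raw[:8], raw[8:]).decode()

    def reencrypt(self, stored):
        text = self.decrypt(stored)
        return stored if text is None else self.encrypt(text)

    def deletable(self, records):
        """Key IDs that are neither current nor referenced by any stored record."""
        used = {r.split(":", 1)[0] for r in records}
        return sorted(k for k in self.keys if k != self.current and k not in used)

def demo():
    store = KeyStore()
    store.generate_current("KEY-1")
    records = [store.encrypt("resource password A"), store.encrypt("user answer B")]
    store.generate_current("KEY-2")           # existing records are left untouched
    records.append(store.encrypt("user password C"))
    before = store.deletable(records)         # KEY-1 is still referenced
    records = [store.reencrypt(r) for r in records]
    after = store.deletable(records)          # everything now uses KEY-2
    foreign = store.decrypt("KEY-9:00ff")     # constructed import with an unknown key
    return before, after, [store.decrypt(r) for r in records], foreign
```
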
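Managing Server Encryption
The Identity Manager server encryption feature lets you create new 3DES server encryption keys, and then encrypt these keys with 3DES or PKCS#5 encryption, as shown in the following figure. Only users with Security Administrator capabilities can run the [Manage Server Encryption] task (accessed from the [Server Tasks] tab).
Figure 10-1 Manage Server Encryption Task
Select [Run Tasks], and then select [Manage Server Encryption] from the list to configure the following information for this task:
- Update encryption of server encryption keys - Select this option to specify whether the server encryption keys are encrypted with the default method (that is, 3DES) or with PKCS#5 encryption. When you select this option, two encryption options appear (Default and PKCS#5); select one of them.
- Generate a new server encryption key and set it as the current server encryption key - Select this option to generate a new server encryption key. Each piece of encrypted data generated after you select this option is encrypted with this key. Generating a new server encryption key does not affect the key applied to existing encrypted data.
- Select the object types to re-encrypt with the current server encryption key - Select one or more Identity Manager object types (such as resources or users) to re-encrypt with the current encryption key.
- Manage gateway keys - After you select this option, the page displays the following gateway key options:
  - Generate a new key and synchronize all gateways - Select this option when initially enabling a secure gateway environment. This option generates a new gateway key and communicates it to all gateways.
  - Synchronize all gateways with the current gateway key - Select this option to synchronize all new gateways, or gateways that have not yet communicated with the new gateway key. Select this option if a gateway was down when all gateways were synchronized with the current gateway key, or when you want to force a key update for a new gateway.
- Export server encryption keys for backup - Select this option to export the existing server encryption keys to an XML-formatted file. When you select this option, Identity Manager displays an additional field in which you specify the path and file name for the exported keys.
Note
If you use PKCS#5 encryption and choose to generate and set a new server encryption key, you should also select this option. In addition, you should store the exported keys on removable media and keep it in a secure location (do not keep it on a network).
- Execution mode - Select whether to run this task in the background (the default option) or in the foreground. If you choose to re-encrypt one or more object types with a newly generated key, this task can take some time and is best run in the background.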
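Security Practices
As an Identity Manager administrator, you can further reduce security risks to protected accounts and data by following these recommendations at setup time and afterward.
At Setup
You should:
- Use https to access Identity Manager through a secure Web server.
- Reset the passwords of the default Identity Manager administrator accounts (Administrator and Configurator). To further protect the security of these accounts, you can rename them.
- Limit access to the Configurator account.
- Limit administrators' capability sets to only those actions needed to carry out their job functions; administrator capabilities can be limited by setting up organizational hierarchies.
- Change the default password of the Identity Manager index repository.
- Turn on auditing to track activities in the Identity Manager application.
- Edit the permissions on files in the Identity Manager directory.
- Customize workflows to insert approvals or other checkpoints.
- Develop a recovery procedure that describes how to recover your Identity Manager environment in an emergency.
During Use
You should:
If your application server is Servlet 2.2 compliant, the Identity Manager installation process sets the http session timeout to a default value of 30 minutes. You can change this value by editing the property; however, you should set the value lower to increase security. Do not set the value higher than 30 minutes.
To change the session timeout value: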