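Private CA Glas White Paper: describes an example configuration for building an environment in which authentication is performed by the Active Directory Federation Services included in [...]. The contents of this document were confirmed to work in our verification environment, and do not guarantee operation in every environment ...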

  • Published on
    28-Mar-2018


Transcript

Copyright by JCCH Security Solution Systems Co., Ltd., All Rights reserved

CA Glas Office365 Active Directory AD FS Office
Ver.1.0 2016 9

JCCHJS3 JCCHGlas JCCH Microsoft Corporation

CA Glas Office365 ADFS

1.
  1.1.
  1.2.
  1.3.
  1.4.
2.
  2.1. NTauth
3. ADFS
  3.1. SSL
  3.2. SSL
  3.3. MFA
4. WAP
  4.1. SSL
  4.2. SSL
5. Glas PC
6. PC
  6.1.
  6.2. Office365
  6.3. Office365 Office
7. Glas iPhone
8. iPhone
  8.1.
  8.2. OTA
  8.3. Office365
9.
10.

1.

1.1.

CA Glas Microsoft Corporation Office 365 Windows Server Active Directory

1.2.

Microsoft Windows Server 2012 R2 Standard
Windows Server 2012 R2 Standard / Active Directory ADFS
Windows Server 2012 R2 Standard / Web Application Proxy WAP
JS3 CA Glas 1.13.103 Glas
SaaS Office 365 Enterprise E3 Office365
Windows 10 Pro / Internet Explorer 11 / Excel 2016 PC
iPhone6 iOS 10.0.1 / Outlook 2.5.0 / Microsoft Authenticator 4.0.7 iPhone

iOS Microsoft Authenticator Windows Server Windows ADFS WAP Office365 ADFS WAP Office365 ADFS WAP Glas PC iPhone

1.3.

1. Glas ADFS WAP SSL PC iPhone
2. PC Office Excel 2016 Office365 ADFS WAP
3. iPhone Office Outlook Office365 WAP
4. ADFS Office365 Office365 Office

1.4.

Glas ADFS WAP SSL ADFS Glas [ADFS] [(E)] Active Directory CRL

2.

2.1. NTauth

Glas Windows NTauth

    certutil -dspublish -f [filename] NTAuthCA

[filename]

    HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates

gpupdate ADFS gpupdate NTauth GUI

MMC [ PKI] PKI [AD (A)] [NTAuthCertificates] [(A)]

NTauth

3. ADFS

3.1. SSL

Glas PKCS#12 ADFS MMC [(F)] > [(N)] [ (C)] [(L)]

> [(K)] > [(I)] [(N)] Glas PKCS#12 p12 [(N)] Glas PKCS#12 [(N)]

[(U)] [(N)]

3.2. SSL

Windows PowerShell

    Set-AdfsSslCertificate -Thumbprint []

[] 3.1

    Get-ChildItem Cert:\LocalMachine\My

    Get-AdfsSslCertificate

3.3. MFA

[AD FS ]

4. WAP

4.1. SSL

3.1 WAP

4.2. SSL

Windows PowerShell

    Set-WebApplicationProxySslCertificate -Thumbprint []

[] 4.1

    Get-ChildItem Cert:\LocalMachine\My

    Get-WebApplicationProxySslCertificate

5. Glas PC

Glas UA PC

Glas Glas RA UA

6. PC

6.1.

Internet Explorer Glas UA Glas ID

ActiveX

6.2. Office365

Internet Explorer Office365 ID ADFS

ADFS

ADFS IE Windows

Office365

6.3. Office365 Office

Excel 2016 Office365 ID

ADFS

OneDrive SharePoint Online Office

7. Glas iPhone

Glas iPhone Glas Glas RA UA [()] Glas UA

[iPhone/iPad] [iPhone/iPadUA] [iPhone]

iPhone

iPhone iPhone

Glas

8. iPhone

8.1.

iPhone Safari Glas UA ID

Glas UA UA

iPhone UA

8.2. OTA

Glas iOS Over The Air OTA OTA

8.3. Office365

Outlook

Microsoft Authenticator ADFS

Office365 OneDrive Microsoft Authenticator Azure AD Microsoft Authenticator Office

9.

ADFS admin Windows Server CRL ADFS CRL

    certutil -urlcache crl delete
    certutil -setreg chain\ChainCacheResyncFiletime @now
    net stop cryptsvc
    net start cryptsvc

10.

Glas JCCH Tel: 050-3821-2195 Mail: sales@jcch-sss.com

: : http://schemas.microsoft.com/ws/2006/05/identitymodel/tokens/X509Certificate % : ID4070: X.509 'DC=JCCH-SSS, DC=COM, CN=testuser2@domainname.local' certificateValidationMode '
