\u5f93\u6765\u3001\u3053\u306e\u4ed5\u7d44\u307f\u306f IIS \/ ASP.NET \u3092\u5229\u7528\u3057\u3066\u69cb\u7bc9\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3057\u305f\u304c\u3001\u672c\u6a5f\u80fd\u3067\u306f CAMServer \u304c\u76f4\u63a5 Kerberos \u8a8d\u8a3c\u3092\u51e6\u7406\u3057\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001IIS \u306a\u3069\u306e\u8ffd\u52a0\u30b5\u30fc\u30d0\u3092\u7528\u610f\u3059\u308b\u3053\u3068\u306a\u304f\u3001\u3088\u308a\u30b7\u30f3\u30d7\u30eb\u306a\u69cb\u6210\u3067\u7d71\u5408 Windows \u8a8d\u8a3c\u306b\u3088\u308b SSO \u3092\u5b9f\u73fe\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n
![\"\"](\"https:\/\/chat-messenger.com\/wp-content\/themes\/swell\/assets\/img\/no_img.png\")
<\/figure><\/div>\t\t\t\t\tSSO\u30d5\u30ed\u30fc<\/h2>\n\n\n\n\n\n![\"\"](\"https:\/\/chat-messenger.com\/wp-content\/uploads\/2026\/03\/image-8.png\")
<\/figure>\n<\/div>\n\n\n\n\nSSO\u51e6\u7406\u306e\u6d41\u308c<\/p>\n\n\n\n
- CAMServer\u3078\u30a2\u30af\u30bb\u30b9<\/strong>
\u30e6\u30fc\u30b6\u30fc\u304c\u30d6\u30e9\u30a6\u30b6\u3067CAMServer\u3078\u30a2\u30af\u30bb\u30b9\u3002\u30e6\u30a2\u30af\u30bb\u30b9\u6642\u306b\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u4e00\u6642\u30c8\u30fc\u30af\u30f3\u3092POST\u3067\u9001\u4fe1<\/li>- \u8a8d\u8a3c\u8981\u6c42<\/strong>
CAMServer\u306f\u4e00\u6642\u30c8\u30fc\u30af\u30f3\u691c\u8a3c\u5f8c\u3001\u30d6\u30e9\u30a6\u30b6\u306b\u5bfe\u3057\u3066Windows\u8a8d\u8a3c\uff08Negotiate\uff09\u3092\u8981\u6c42<\/li>- Kerberos\u30c1\u30b1\u30c3\u30c8\u53d6\u5f97<\/strong>
\u30d6\u30e9\u30a6\u30b6\u306fWindows\u30ed\u30b0\u30aa\u30f3\u60c5\u5831\u3092\u5229\u7528\u3057\u3066\u3001
Active Directory\u306eKDC\u304b\u3089Kerberos\u30b5\u30fc\u30d3\u30b9\u30c1\u30b1\u30c3\u30c8\u3092\u53d6\u5f97<\/li>- Kerberos\u30c1\u30b1\u30c3\u30c8\u9001\u4fe1<\/strong>
\u30d6\u30e9\u30a6\u30b6\u306f\u53d6\u5f97\u3057\u305fKerberos\u30c1\u30b1\u30c3\u30c8\u3092
HTTP\u30d8\u30c3\u30c0\u30fc\u306b\u4ed8\u4e0e\u3057\u3066CAMServer\u3078\u518d\u9001<\/li>- \u30c1\u30b1\u30c3\u30c8\u691c\u8a3c<\/strong>
CAMServer\u306fkeytab\u3092\u5229\u7528\u3057\u3066Kerberos\u30c1\u30b1\u30c3\u30c8\u3092\u691c\u8a3c\u3002\u691c\u8a3c\u304c\u6210\u529f\u3059\u308b\u3068\u3001\u30c1\u30b1\u30c3\u30c8\u306b\u542b\u307e\u308c\u308bKerberos principal \u3092\u53d6\u5f97<\/li>- LDAP\u691c\u7d22\u3068CAM\u30e6\u30fc\u30b6\u30fc\u7167\u5408<\/strong>
\u53d6\u5f97\u3057\u305f Kerberos principal \u304b\u3089LADP\u691c\u7d22\u3092\u884c\u3044AD\u306e\u30e6\u30fc\u30b6\u60c5\u5831\u3092\u53d6\u5f97\u3057\u3001CAMServer\u306b\u767b\u9332\u3055\u308c\u3066\u3044\u308b\u30e6\u30fc\u30b6\u30fc\u3068\u7167\u5408\u3002\u4e00\u81f4\u3057\u305f\u5834\u5408\u30ed\u30b0\u30a4\u30f3\u3092\u8a31\u53ef\u3059\u308b<\/li>- \u30ed\u30b0\u30a4\u30f3\u5b8c\u4e86<\/strong>
CAMServer\u306f\u30ed\u30b0\u30a4\u30f3\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u767a\u884c\u3057\u3001
\u30e6\u30fc\u30b6\u30fc\u306f\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u3092\u8868\u793a\u305b\u305a\u306bCAMServer\u3092\u5229\u7528\u3067\u304d\u307e\u3059\u3002<\/li><\/ol>\n<\/div>\n<\/div>\n\n\n\nWindows\u8a8d\u8a3c\u3092\u884c\u3046FQDN\u4ee5\u5916\u3067\u30a2\u30af\u30bb\u30b9\u3057\u305f\u5834\u5408\u3084\u3001\u30c9\u30e1\u30a4\u30f3\u306b\u53c2\u52a0\u3057\u3066\u3044\u306a\u3044PC\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u306e\u5834\u5408\u306f\u3001C&M\u4e0a\u306e\u30ed\u30b0\u30a4\u30f3\u8a8d\u8a3c\u304c\u884c\u308f\u308c\u307e\u3059\u3002<\/p>\n\n\n\n
\u52d5\u4f5c\u8981\u4ef6<\/h2>\n\n\n\n
\u672c\u6a5f\u80fd\u3092\u5229\u7528\u3059\u308b\u305f\u3081\u306b\u306f\u3001\u4ee5\u4e0b\u306e\u74b0\u5883\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n\n\n\n
Active Directory \u74b0\u5883<\/h3>\n\n\n\n- Active Directory \u30c9\u30e1\u30a4\u30f3\u304c\u69cb\u7bc9\u3055\u308c\u3066\u3044\u308b\u3053\u3068<\/li><\/ul>\n\n\n\n
M\u00e1y ch\u1ee7 CAM<\/h3>\n\n\n\n- Ultimate \u30d7\u30e9\u30f3<\/a>\u3092\u5229\u7528\u3057\u3066\u3044\u308b\u3053\u3068<\/li>
- CAMServer \u306b FQDN \u3067\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3053\u3068<\/li>
- CAMServer \u3092\u52d5\u4f5c\u3055\u305b\u308b Windows Server \u304c\u3001Active Directory \u30c9\u30e1\u30a4\u30f3\u306b\u53c2\u52a0\u3057\u3066\u3044\u308b\u3053\u3068
\u65e2\u5b58\u306eWindows Server \u304c\u53c2\u52a0\u3057\u3066\u3044\u308b\u30c9\u30e1\u30a4\u30f3\u3092\u78ba\u8a8d\u3059\u308b\u306b\u306f\u3001\u300c\u30b5\u30fc\u30d0\u30fc\u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u300d\u2192 \u5de6\u30e1\u30cb\u30e5\u30fc\u300c\u30ed\u30fc\u30ab\u30eb\u30b5\u30fc\u30d0\u30fc\u300d\u30af\u30ea\u30c3\u30af\u2192\u300c\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u30fc\u540d\u300d\u3092\u30af\u30ea\u30c3\u30af\u3057\u30c9\u30e1\u30a4\u30f3\u6b04\u3092\u53c2\u7167<\/li><\/ul>\n\n\n\n\u5229\u7528\u30e6\u30fc\u30b6\u30fc<\/h3>\n\n\n\n- \u5229\u7528\u8005PC\u304c\u30c9\u30e1\u30a4\u30f3\u53c2\u52a0\u3057\u3001Windows\u3078\u30c9\u30e1\u30a4\u30f3\u30ed\u30b0\u30aa\u30f3\u3057\u3066\u3044\u308b\u3053\u3068<\/li>
- SSO\u5bfe\u8c61\u30e6\u30fc\u30b6\u30fc\u306f\u3001\u30e6\u30fc\u30b6\u30fcID\u304c T\u00ean hi\u1ec7u tr\u01b0\u1edfng c\u1ee7a ng\u01b0\u1eddi d\u00f9ng <\/em>(UPN \u5f62\u5f0f)\u3067 CAMServer \u306b\u4e8b\u524d\u767b\u9332\u3055\u308c\u3066\u3044\u308b\u3053\u3068 (\u4f8b user@camtest.com)<\/li><\/ul>\n\n\n\n
\u5bfe\u5fdc\u30d6\u30e9\u30a6\u30b6
<\/h3>\n\n\n\n
\u4ee5\u4e0b\u306e\u30d6\u30e9\u30a6\u30b6\u3067Windows\u8a8d\u8a3cSSO\u304c\u5229\u7528\u53ef\u80fd\u3067\u3059\u3002<\/p>\n\n\n\n
- Microsoft Edge<\/li>
- Google Chrome<\/li>
- camapp<\/a><\/li><\/ul>\n\n\n\n
\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc\u69cb\u6210\u306b\u3064\u3044\u3066<\/h3>\n\n\n\n
Windows\u8a8d\u8a3c\uff08Kerberos\uff09\u306f\u3001HTTP\u8a8d\u8a3c\u30d8\u30c3\u30c0\u306b\u3088\u308b\u30cd\u30b4\u30b7\u30a8\u30fc\u30b7\u30e7\u30f3\u3092\u884c\u3046\u8a8d\u8a3c\u65b9\u5f0f\u306e\u305f\u3081\u3001CAMServer \u3092443\u30dd\u30fc\u30c8\u3067\u8d77\u52d5\u3057\u305f\u307e\u307e\u3001\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc\u306fL4\uff08TLS\u30d1\u30b9\u30b9\u30eb\u30fc\uff09\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n\n\n\n
\u63a8\u5968\u69cb\u6210<\/h4>\n\n\n\n
\u30e6\u30fc\u30b6 \u2500\u2500HTTPS\u2500\u2500\u25b6 L4\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc(TLS\u30d1\u30b9\u30b9\u30eb\u30fc) \u2500\u2500HTTPS\u2500\u2500\u25b6 CAMServer(443)<\/p>\n\n\n\n
NG\u69cb\u6210<\/h4>\n\n\n\n
\u30e6\u30fc\u30b6\u2500\u2500HTTPS\u2500\u2500\u25b6 L7\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc(SSL\u7d42\u7aef) \u2500\u2500HTTP\u2500\u2500\u25b6 CAMServer(8080)<\/p>\n\n\n\n
\u69cb\u7bc9\u624b\u9806<\/h2>\n\n\n\n
\u4ee5\u4e0b\u69cb\u7bc9\u624b\u9806\u3067\u306f\u3001\u300c\u69cb\u6210\u4f8b\u300d\u3092\u5143\u306b\u8aac\u660e\u3044\u305f\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
\u69cb\u6210\u4f8b<\/h3>\n\n\n\n- Windows\u8a8d\u8a3c\u3092\u884c\u3046FQDN\uff1a
https:\/\/test.chat-messenger.com<\/code><\/li>- Active Directory \u30c9\u30e1\u30a4\u30f3\u540d\uff1a
camtest.com<\/code><\/li>- \u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\uff1a
cam-svc@camtest.com<\/code> (CAMTEST\\cam-svc<\/code>)<\/li><\/ul>\n\n\n\nSPN\u767b\u9332\u6982\u8981<\/h3>\n\n\n\n
SPN (T\u00ean d\u1ecbch v\u1ee5 ch\u00ednh) l\u00e0 t\u00ean d\u00f9ng \u0111\u1ec3 x\u00e1c \u0111\u1ecbnh duy nh\u1ea5t m\u1ed9t d\u1ecbch v\u1ee5 c\u1ee5 th\u1ec3 tr\u00ean Active Directory trong x\u00e1c th\u1ef1c Kerberos. N\u1ebfu b\u1ea1n truy c\u1eadp d\u1ecbch v\u1ee5 b\u1eb1ng FQDN, vi\u1ec7c \u0111\u0103ng k\u00fd SPN s\u1ebd cho ph\u00e9p m\u00e1y kh\u00e1ch y\u00eau c\u1ea7u th\u00e0nh c\u00f4ng phi\u1ebfu Kerberos cho d\u1ecbch v\u1ee5 b\u1ea1n \u0111ang truy c\u1eadp.<\/p>\n\n\n\n
V\u00ed d\u1ee5 https:\/\/test.chat-messenger.com<\/code> \u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u969b\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\uff08\u30d6\u30e9\u30a6\u30b6\uff09\u306f Active Directory \u306b\u300cHTTP\/test.chat-messenger.com \u3068\u3044\u3046\u30b5\u30fc\u30d3\u30b9\u306b\u63a5\u7d9a\u3057\u305f\u3044\u300d\u3068\u30c1\u30b1\u30c3\u30c8\u3092\u8981\u6c42\u3057\u307e\u3059\u3002Active Directory \u306f\u3001\u305d\u306e SPN \u304c\u3069\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u306b\u7d10\u4ed8\u3044\u3066\u3044\u308b\u304b\u3092\u78ba\u8a8d\u3057\u3001\u8a72\u5f53\u3059\u308b\u30b5\u30fc\u30d3\u30b9\u30c1\u30b1\u30c3\u30c8\u3092\u767a\u884c\u3057\u307e\u3059\u3002SPN \u304c\u6b63\u3057\u304f\u767b\u9332\u3055\u308c\u3066\u3044\u306a\u3044\u3068\u3001Kerberos \u8a8d\u8a3c\u306b\u5931\u6557\u3057\u307e\u3059\u3002<\/p>\n\n\n\nT\u00e0i kho\u1ea3n d\u1ecbch v\u1ee5<\/h4>\n\n\n\n\n\nKerberos\u8a8d\u8a3c\u7528\u306e\u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u30c9\u30e1\u30a4\u30f3\u30e6\u30fc\u30b6\u30fc\u3067\u3042\u308c\u3070\u53ef\u80fd\u3067\u3059\u304c\u3001\u901a\u5e38\u30e6\u30fc\u30b6\u30fc\u3068\u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u5206\u96e2\u3057\u3001\u8aa4\u64cd\u4f5c\u3084\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u306e\u9069\u7528\u7bc4\u56f2\u3092\u660e\u78ba\u306b\u3059\u308b\u305f\u3081\u3001OU=T\u00e0i kho\u1ea3n d\u1ecbch v\u1ee5<\/code> Gi\u1ed1ng nh\u01b0, OU Ng\u01b0\u1eddi s\u1eed d\u1ee5ng<\/code> Kh\u00e1c v\u1edbi b\u1ed9 \u0111i\u1ec1u khi\u1ec3n mi\u1ec1n Active Directory,cam-svc<\/code> T\u1ea1o m\u1ed9t c\u00e1i m\u1edbi.<\/p>\n\n\n\nCAMServer \u3092 Windows \u30b5\u30fc\u30d3\u30b9\u3068\u3057\u3066\u8d77\u52d5\u3059\u308b\u969b\u306b\u3001\u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u6307\u5b9a\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u540c\u3058\u30e6\u30fc\u30b6\u3092\u4f7f\u3048\u3070\u826f\u3044\u3067\u3059\u3002<\/span><\/p>\n\n\n\n\n\n\n\n\u30a2\u30ab\u30a6\u30f3\u30c8\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u4ee5\u4e0b\u3092\u30c1\u30a7\u30c3\u30af\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n
- \u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u7121\u671f\u9650\u306b\u3059\u308b<\/li>
- \u3053\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u3067 Kerberos AES 256 \u30d3\u30c3\u30c8\u6697\u53f7\u5316\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b<\/li><\/ul>\n\n\n\n
\u5f8c\u8ff0\u306e ktpass<\/code> \u3067 AES256-SHA1 \u3092\u6307\u5b9a\u3059\u308b\u305f\u3081\u3001AES 256 \u30d3\u30c3\u30c8\u6697\u53f7\u5316\u306e\u30b5\u30dd\u30fc\u30c8\u3092\u6709\u52b9\u306b\u3057\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u6307\u5b9a\u3057\u306a\u3044\u5834\u5408\u306f RC4 \u3067\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\u306e\u305f\u3081\u4eca\u5f8c\u975e\u63a8\u5968\u306b\u306a\u308b\u4e88\u5b9a\u3067\u3059\u3002<\/span><\/p>\n<\/div>\n\n\n\n\n![\"\"](\"https:\/\/chat-messenger.com\/wp-content\/uploads\/2026\/03\/image-4.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/chat-messenger.com\/wp-content\/uploads\/2026\/03\/image-7.png\")
<\/figure>\n<\/div>\n<\/div>\n\n\n\n\u0110\u0103ng k\u00fd SPN v\u1edbi t\u00e0i kho\u1ea3n d\u1ecbch v\u1ee5<\/h4>\n\n\n\nsetspn -S HTTP\/test.chat-messenger.com CAMTEST\\cam-svc<\/code><\/pre><\/div>\n\n\n\n\u0110\u0103ng k\u00fd SPN b\u1eb1ng t\u00e0i kho\u1ea3n d\u1ecbch v\u1ee5 \u0111\u00e3 t\u1ea1o \u1edf tr\u00ean.<\/p>\n\n\n\n
- C\u00f3 th\u1ec3 s\u1eed d\u1ee5ng b\u1ea5t k\u1ef3 thi\u1ebft b\u1ecb \u0111\u1ea7u cu\u1ed1i n\u00e0o l\u00e0 m\u1ed9t ph\u1ea7n c\u1ee7a mi\u1ec1n. Tuy nhi\u00ean, c\u1ea7n c\u00f3 quy\u1ec1n qu\u1ea3n tr\u1ecb vi\u00ean mi\u1ec1n.
\u30fbSPN c\u0169ng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng trong giao ti\u1ebfp HTTPS.HTTP\/t\u00ean m\u00e1y ch\u1ee7<\/code>B\u1ea1n ph\u1ea3i \u0111\u0103ng k\u00fd theo m\u1eabu sau:<\/p>\n\n\n\n\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067SPN\u304c\u767b\u9332\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
setspn -L CAMTEST\\cam-svc<\/code><\/pre><\/div>\n\n\n\nkeytab\u4f5c\u6210<\/h3>\n\n\n\n
CAMServer\u304cKerberos\u30c1\u30b1\u30c3\u30c8\u3092\u691c\u8a3c\u3067\u304d\u308b\u3088\u3046\u306b\u3001\u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u306ekeytab\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002Active Directory\u7ba1\u7406\u30b5\u30fc\u30d0\u3067\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
ktpass \/out CAMServer\\config\\windowsAuth\\cam.keytab \/princ HTTP\/test.chat-messenger.com@CAMTEST.COM \/mapuser CAMTEST\\cam-svc \/ptype KRB5_NT_PRINCIPAL \/crypto AES256-SHA1 \/pass "*******"<\/code><\/pre><\/div>\n\n\n\nCAMServer \u8a2d\u5b9a<\/h3>\n\n\n\n
Windows\u8a8d\u8a3c\u3092\u5229\u7528\u3059\u308b\u305f\u3081\u306b\u3001CAMServer\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\uff08boot.ini\uff09\u3078\u4ee5\u4e0b\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002\u5404\u5024\u306f\u74b0\u5883\u6bce\u306b\u7f6e\u304d\u63db\u3048\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n
# Kerberos \u30ec\u30eb\u30e0\uff08\u901a\u5e38\u306f Active Directory \u30c9\u30e1\u30a4\u30f3\u540d\u3092\u5927\u6587\u5b57\u3067\u6307\u5b9a\uff09\n# \u4f8b: camtest.com \u30c9\u30e1\u30a4\u30f3 \u2192 CAMTEST.COM\ncam.windowsAuth.realm=CAMTEST.COM\n\n# Windows\u8a8d\u8a3c\u3092\u884c\u3046FQDN\ncam.windowsAuth.FQDN=test.chat-messenger.com\n\n# Kerberos KDC\n# \u901a\u5e38\u306f Active Directory \u306e\u30c9\u30e1\u30a4\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306eFQDN\u3002\u30dd\u30fc\u30c8TCP\/UDP 88 \u306f Kerberos \u6a19\u6e96\u30dd\u30fc\u30c8\u3067\u30ea\u30c3\u30b9\u30f3\u3055\u308c\u3066\u3044\u308b\ncam.windowsAuth.kdc=ad.camtest.com:88\n<\/code><\/pre><\/div>\n\n\n\n\u0110\u1eb7t t\u00f9y ch\u1ecdn Internet<\/h3>\n\n\n\n\n\nCAMServer \u306eFQDN\u3092\u30a4\u30f3\u30c8\u30e9\u30cd\u30c3\u30c8\u30be\u30fc\u30f3\u306b\u8ffd\u52a0 <\/h4>\n\n\n\n
\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8 \u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u9078\u629e\u3057\u3001\u300c\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u300d\u30bf\u30d6\u3092\u30af\u30ea\u30c3\u30af\u3057\u3001\u300c\u30ed\u30fc\u30ab\u30eb \u30a4\u30f3\u30c8\u30e9\u30cd\u30c3\u30c8\u300d\u3092\u9078\u629e \u300c\u30b5\u30a4\u30c8\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u3001\u300c\u8a73\u7d30\u8a2d\u5b9a\u300d\u3092\u9078\u629e\u3057\u30b5\u30a4\u30c8\u306eURL(https:\/\/test.chat-messenger.com)\u3092\u8ffd\u52a0<\/p>\n\n\n\n
Ki\u1ec3m tra \u0111\u0103ng nh\u1eadp t\u1ef1 \u0111\u1ed9ng <\/h4>\n\n\n\n
Nh\u1ea5p v\u00e0o "C\u1ea5p t\u00f9y ch\u1ec9nh" v\u00e0 trong "X\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng" \u2192 "\u0110\u0103ng nh\u1eadp", \u0111\u1ea3m b\u1ea3o "\u0110\u0103ng nh\u1eadp t\u1ef1 \u0111\u1ed9ng trong v\u00f9ng m\u1ea1ng n\u1ed9i b\u1ed9" \u0111\u01b0\u1ee3c ch\u1ecdn.<\/p>\n\n\n\n
C\u00e0i \u0111\u1eb7t n\u00e0y l\u00e0 b\u1eaft bu\u1ed9c tr\u00ean t\u1ea5t c\u1ea3 c\u00e1c thi\u1ebft b\u1ecb \u0111\u1ea7u cu\u1ed1i m\u00e1y kh\u00e1ch c\u1ee7a ng\u01b0\u1eddi d\u00f9ng C&M nh\u01b0ng n\u00f3 c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c qu\u1ea3n l\u00fd t\u1eadp trung b\u1eb1ng B\u1ea3ng \u0111i\u1ec1u khi\u1ec3n qu\u1ea3n l\u00fd ch\u00ednh s\u00e1ch nh\u00f3m.<\/span><\/p>\n<\/div>\n\n\n\n\n![\"\"](\"https:\/\/chat-messenger.com\/wp-content\/uploads\/2025\/01\/image-9.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/chat-messenger.com\/wp-content\/uploads\/2025\/01\/image-10.png\")
<\/figure>\n<\/div>\n<\/div>\n\n\n\nIIS\u306e\u7d71\u5408Windows\u8a8d\u8a3c\u3092\u4f7f\u3063\u305fSSO\u304b\u3089\u306e\u79fb\u884c<\/h2>\n\n\n\n- IIS\u6a5f\u80fd\u306e\u30a2\u30f3\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\uff08\u30b5\u30fc\u30d0\u30fc\u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u306e \u300c\u7ba1\u7406\u300d>\u300c\u5f79\u5272\u3068\u6a5f\u80fd\u306e\u524a\u9664\u300d<\/li>
- ASP.NET Core Hosting Bundle \u306e\u30a2\u30f3\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/li>
- \u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u306b\u300c\u3053\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u3067 Kerberos AES 256 \u30d3\u30c3\u30c8\u6697\u53f7\u5316\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b<\/a>\u300d\u30c1\u30a7\u30c3\u30af<\/li>
- keytab <\/a>t\u1ea1o n\u00ean<\/li>
- \u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8 \u30aa\u30d7\u30b7\u30e7\u30f3\u306e\u8a2d\u5b9a\u3067\u3001\u30a4\u30f3\u30c8\u30e9\u30cd\u30c3\u30c8\u30be\u30fc\u30f3\u306b\u8ffd\u52a0 CAMServer \u306eFQDN\u3092\u8ffd\u52a0\uff08\u672a\u8ffd\u52a0\u306e\u5834\u5408\uff09<\/li>
- \u00a0\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc\u304cL7\u3067 CAMServer \u3068\u9023\u643a\u3057\u3066\u3044\u305f\u5834\u5408\u306f\u3001CAMServer \u306b\uff33SL\u8a3c\u660e\u66f8\u3092\u914d\u7f6e\u3057L4\u3067\u9023\u643a<\/li><\/ol>","protected":false},"excerpt":{"rendered":"
\u6982\u8981 Active Directory \u74b0\u5883\u3067\u306f\u3001\u7d71\u5408 Windows \u8a8d\u8a3c\uff08Kerberos\uff09 \u3092\u5229\u7528\u3059\u308b\u3053 […]<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"swell_btn_cv_data":""},"categories":[17],"tags":[],"_links":{"self":[{"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/posts\/12579"}],"collection":[{"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/comments?post=12579"}],"version-history":[{"count":10,"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/posts\/12579\/revisions"}],"predecessor-version":[{"id":12676,"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/posts\/12579\/revisions\/12676"}],"wp:attachment":[{"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/media?parent=12579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/categories?post=12579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/tags?post=12579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/figure>\n<\/div>\n\n\n\nSSO\u51e6\u7406\u306e\u6d41\u308c<\/p>\n\n\n\n
- CAMServer\u3078\u30a2\u30af\u30bb\u30b9<\/strong>
\u30e6\u30fc\u30b6\u30fc\u304c\u30d6\u30e9\u30a6\u30b6\u3067CAMServer\u3078\u30a2\u30af\u30bb\u30b9\u3002\u30e6\u30a2\u30af\u30bb\u30b9\u6642\u306b\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u4e00\u6642\u30c8\u30fc\u30af\u30f3\u3092POST\u3067\u9001\u4fe1<\/li>- \u8a8d\u8a3c\u8981\u6c42<\/strong>
CAMServer\u306f\u4e00\u6642\u30c8\u30fc\u30af\u30f3\u691c\u8a3c\u5f8c\u3001\u30d6\u30e9\u30a6\u30b6\u306b\u5bfe\u3057\u3066Windows\u8a8d\u8a3c\uff08Negotiate\uff09\u3092\u8981\u6c42<\/li>- Kerberos\u30c1\u30b1\u30c3\u30c8\u53d6\u5f97<\/strong>
\u30d6\u30e9\u30a6\u30b6\u306fWindows\u30ed\u30b0\u30aa\u30f3\u60c5\u5831\u3092\u5229\u7528\u3057\u3066\u3001
Active Directory\u306eKDC\u304b\u3089Kerberos\u30b5\u30fc\u30d3\u30b9\u30c1\u30b1\u30c3\u30c8\u3092\u53d6\u5f97<\/li>- Kerberos\u30c1\u30b1\u30c3\u30c8\u9001\u4fe1<\/strong>
\u30d6\u30e9\u30a6\u30b6\u306f\u53d6\u5f97\u3057\u305fKerberos\u30c1\u30b1\u30c3\u30c8\u3092
HTTP\u30d8\u30c3\u30c0\u30fc\u306b\u4ed8\u4e0e\u3057\u3066CAMServer\u3078\u518d\u9001<\/li>- \u30c1\u30b1\u30c3\u30c8\u691c\u8a3c<\/strong>
CAMServer\u306fkeytab\u3092\u5229\u7528\u3057\u3066Kerberos\u30c1\u30b1\u30c3\u30c8\u3092\u691c\u8a3c\u3002\u691c\u8a3c\u304c\u6210\u529f\u3059\u308b\u3068\u3001\u30c1\u30b1\u30c3\u30c8\u306b\u542b\u307e\u308c\u308bKerberos principal \u3092\u53d6\u5f97<\/li>- LDAP\u691c\u7d22\u3068CAM\u30e6\u30fc\u30b6\u30fc\u7167\u5408<\/strong>
\u53d6\u5f97\u3057\u305f Kerberos principal \u304b\u3089LADP\u691c\u7d22\u3092\u884c\u3044AD\u306e\u30e6\u30fc\u30b6\u60c5\u5831\u3092\u53d6\u5f97\u3057\u3001CAMServer\u306b\u767b\u9332\u3055\u308c\u3066\u3044\u308b\u30e6\u30fc\u30b6\u30fc\u3068\u7167\u5408\u3002\u4e00\u81f4\u3057\u305f\u5834\u5408\u30ed\u30b0\u30a4\u30f3\u3092\u8a31\u53ef\u3059\u308b<\/li>- \u30ed\u30b0\u30a4\u30f3\u5b8c\u4e86<\/strong>
CAMServer\u306f\u30ed\u30b0\u30a4\u30f3\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u767a\u884c\u3057\u3001
\u30e6\u30fc\u30b6\u30fc\u306f\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u3092\u8868\u793a\u305b\u305a\u306bCAMServer\u3092\u5229\u7528\u3067\u304d\u307e\u3059\u3002<\/li><\/ol>\n<\/div>\n<\/div>\n\n\n\nWindows\u8a8d\u8a3c\u3092\u884c\u3046FQDN\u4ee5\u5916\u3067\u30a2\u30af\u30bb\u30b9\u3057\u305f\u5834\u5408\u3084\u3001\u30c9\u30e1\u30a4\u30f3\u306b\u53c2\u52a0\u3057\u3066\u3044\u306a\u3044PC\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u306e\u5834\u5408\u306f\u3001C&M\u4e0a\u306e\u30ed\u30b0\u30a4\u30f3\u8a8d\u8a3c\u304c\u884c\u308f\u308c\u307e\u3059\u3002<\/p>\n\n\n\n
\u52d5\u4f5c\u8981\u4ef6<\/h2>\n\n\n\n
\u672c\u6a5f\u80fd\u3092\u5229\u7528\u3059\u308b\u305f\u3081\u306b\u306f\u3001\u4ee5\u4e0b\u306e\u74b0\u5883\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n\n\n\n
Active Directory \u74b0\u5883<\/h3>\n\n\n\n
- Active Directory \u30c9\u30e1\u30a4\u30f3\u304c\u69cb\u7bc9\u3055\u308c\u3066\u3044\u308b\u3053\u3068<\/li><\/ul>\n\n\n\n
M\u00e1y ch\u1ee7 CAM<\/h3>\n\n\n\n
- Ultimate \u30d7\u30e9\u30f3<\/a>\u3092\u5229\u7528\u3057\u3066\u3044\u308b\u3053\u3068<\/li>
- CAMServer \u306b FQDN \u3067\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3053\u3068<\/li>
- CAMServer \u3092\u52d5\u4f5c\u3055\u305b\u308b Windows Server \u304c\u3001Active Directory \u30c9\u30e1\u30a4\u30f3\u306b\u53c2\u52a0\u3057\u3066\u3044\u308b\u3053\u3068
\u65e2\u5b58\u306eWindows Server \u304c\u53c2\u52a0\u3057\u3066\u3044\u308b\u30c9\u30e1\u30a4\u30f3\u3092\u78ba\u8a8d\u3059\u308b\u306b\u306f\u3001\u300c\u30b5\u30fc\u30d0\u30fc\u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u300d\u2192 \u5de6\u30e1\u30cb\u30e5\u30fc\u300c\u30ed\u30fc\u30ab\u30eb\u30b5\u30fc\u30d0\u30fc\u300d\u30af\u30ea\u30c3\u30af\u2192\u300c\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u30fc\u540d\u300d\u3092\u30af\u30ea\u30c3\u30af\u3057\u30c9\u30e1\u30a4\u30f3\u6b04\u3092\u53c2\u7167<\/li><\/ul>\n\n\n\n\u5229\u7528\u30e6\u30fc\u30b6\u30fc<\/h3>\n\n\n\n
- \u5229\u7528\u8005PC\u304c\u30c9\u30e1\u30a4\u30f3\u53c2\u52a0\u3057\u3001Windows\u3078\u30c9\u30e1\u30a4\u30f3\u30ed\u30b0\u30aa\u30f3\u3057\u3066\u3044\u308b\u3053\u3068<\/li>
- SSO\u5bfe\u8c61\u30e6\u30fc\u30b6\u30fc\u306f\u3001\u30e6\u30fc\u30b6\u30fcID\u304c T\u00ean hi\u1ec7u tr\u01b0\u1edfng c\u1ee7a ng\u01b0\u1eddi d\u00f9ng <\/em>(UPN \u5f62\u5f0f)\u3067 CAMServer \u306b\u4e8b\u524d\u767b\u9332\u3055\u308c\u3066\u3044\u308b\u3053\u3068 (\u4f8b user@camtest.com)<\/li><\/ul>\n\n\n\n
\u5bfe\u5fdc\u30d6\u30e9\u30a6\u30b6
<\/h3>\n\n\n\n\u4ee5\u4e0b\u306e\u30d6\u30e9\u30a6\u30b6\u3067Windows\u8a8d\u8a3cSSO\u304c\u5229\u7528\u53ef\u80fd\u3067\u3059\u3002<\/p>\n\n\n\n
- Microsoft Edge<\/li>
- Google Chrome<\/li>
- camapp<\/a><\/li><\/ul>\n\n\n\n
\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc\u69cb\u6210\u306b\u3064\u3044\u3066<\/h3>\n\n\n\n
Windows\u8a8d\u8a3c\uff08Kerberos\uff09\u306f\u3001HTTP\u8a8d\u8a3c\u30d8\u30c3\u30c0\u306b\u3088\u308b\u30cd\u30b4\u30b7\u30a8\u30fc\u30b7\u30e7\u30f3\u3092\u884c\u3046\u8a8d\u8a3c\u65b9\u5f0f\u306e\u305f\u3081\u3001CAMServer \u3092443\u30dd\u30fc\u30c8\u3067\u8d77\u52d5\u3057\u305f\u307e\u307e\u3001\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc\u306fL4\uff08TLS\u30d1\u30b9\u30b9\u30eb\u30fc\uff09\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n\n\n\n
\u63a8\u5968\u69cb\u6210<\/h4>\n\n\n\n
\u30e6\u30fc\u30b6 \u2500\u2500HTTPS\u2500\u2500\u25b6 L4\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc(TLS\u30d1\u30b9\u30b9\u30eb\u30fc) \u2500\u2500HTTPS\u2500\u2500\u25b6 CAMServer(443)<\/p>\n\n\n\n
NG\u69cb\u6210<\/h4>\n\n\n\n
\u30e6\u30fc\u30b6\u2500\u2500HTTPS\u2500\u2500\u25b6 L7\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc(SSL\u7d42\u7aef) \u2500\u2500HTTP\u2500\u2500\u25b6 CAMServer(8080)<\/p>\n\n\n\n
\u69cb\u7bc9\u624b\u9806<\/h2>\n\n\n\n
\u4ee5\u4e0b\u69cb\u7bc9\u624b\u9806\u3067\u306f\u3001\u300c\u69cb\u6210\u4f8b\u300d\u3092\u5143\u306b\u8aac\u660e\u3044\u305f\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
\u69cb\u6210\u4f8b<\/h3>\n\n\n\n
- Windows\u8a8d\u8a3c\u3092\u884c\u3046FQDN\uff1a
https:\/\/test.chat-messenger.com<\/code><\/li>- Active Directory \u30c9\u30e1\u30a4\u30f3\u540d\uff1a
camtest.com<\/code><\/li>- \u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\uff1a
cam-svc@camtest.com<\/code> (CAMTEST\\cam-svc<\/code>)<\/li><\/ul>\n\n\n\nSPN\u767b\u9332\u6982\u8981<\/h3>\n\n\n\n
SPN (T\u00ean d\u1ecbch v\u1ee5 ch\u00ednh) l\u00e0 t\u00ean d\u00f9ng \u0111\u1ec3 x\u00e1c \u0111\u1ecbnh duy nh\u1ea5t m\u1ed9t d\u1ecbch v\u1ee5 c\u1ee5 th\u1ec3 tr\u00ean Active Directory trong x\u00e1c th\u1ef1c Kerberos. N\u1ebfu b\u1ea1n truy c\u1eadp d\u1ecbch v\u1ee5 b\u1eb1ng FQDN, vi\u1ec7c \u0111\u0103ng k\u00fd SPN s\u1ebd cho ph\u00e9p m\u00e1y kh\u00e1ch y\u00eau c\u1ea7u th\u00e0nh c\u00f4ng phi\u1ebfu Kerberos cho d\u1ecbch v\u1ee5 b\u1ea1n \u0111ang truy c\u1eadp.<\/p>\n\n\n\n
V\u00ed d\u1ee5
https:\/\/test.chat-messenger.com<\/code> \u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u969b\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\uff08\u30d6\u30e9\u30a6\u30b6\uff09\u306f Active Directory \u306b\u300cHTTP\/test.chat-messenger.com \u3068\u3044\u3046\u30b5\u30fc\u30d3\u30b9\u306b\u63a5\u7d9a\u3057\u305f\u3044\u300d\u3068\u30c1\u30b1\u30c3\u30c8\u3092\u8981\u6c42\u3057\u307e\u3059\u3002Active Directory \u306f\u3001\u305d\u306e SPN \u304c\u3069\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u306b\u7d10\u4ed8\u3044\u3066\u3044\u308b\u304b\u3092\u78ba\u8a8d\u3057\u3001\u8a72\u5f53\u3059\u308b\u30b5\u30fc\u30d3\u30b9\u30c1\u30b1\u30c3\u30c8\u3092\u767a\u884c\u3057\u307e\u3059\u3002SPN \u304c\u6b63\u3057\u304f\u767b\u9332\u3055\u308c\u3066\u3044\u306a\u3044\u3068\u3001Kerberos \u8a8d\u8a3c\u306b\u5931\u6557\u3057\u307e\u3059\u3002<\/p>\n\n\n\nT\u00e0i kho\u1ea3n d\u1ecbch v\u1ee5<\/h4>\n\n\n\n
\n\nKerberos\u8a8d\u8a3c\u7528\u306e\u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u30c9\u30e1\u30a4\u30f3\u30e6\u30fc\u30b6\u30fc\u3067\u3042\u308c\u3070\u53ef\u80fd\u3067\u3059\u304c\u3001\u901a\u5e38\u30e6\u30fc\u30b6\u30fc\u3068\u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u5206\u96e2\u3057\u3001\u8aa4\u64cd\u4f5c\u3084\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u306e\u9069\u7528\u7bc4\u56f2\u3092\u660e\u78ba\u306b\u3059\u308b\u305f\u3081\u3001
OU=T\u00e0i kho\u1ea3n d\u1ecbch v\u1ee5<\/code> Gi\u1ed1ng nh\u01b0, OUNg\u01b0\u1eddi s\u1eed d\u1ee5ng<\/code> Kh\u00e1c v\u1edbi b\u1ed9 \u0111i\u1ec1u khi\u1ec3n mi\u1ec1n Active Directory,cam-svc<\/code> T\u1ea1o m\u1ed9t c\u00e1i m\u1edbi.<\/p>\n\n\n\nCAMServer \u3092 Windows \u30b5\u30fc\u30d3\u30b9\u3068\u3057\u3066\u8d77\u52d5\u3059\u308b\u969b\u306b\u3001\u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u6307\u5b9a\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u540c\u3058\u30e6\u30fc\u30b6\u3092\u4f7f\u3048\u3070\u826f\u3044\u3067\u3059\u3002<\/span><\/p>\n\n\n\n\n\n\n\n
\u30a2\u30ab\u30a6\u30f3\u30c8\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u4ee5\u4e0b\u3092\u30c1\u30a7\u30c3\u30af\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n
- \u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u7121\u671f\u9650\u306b\u3059\u308b<\/li>
- \u3053\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u3067 Kerberos AES 256 \u30d3\u30c3\u30c8\u6697\u53f7\u5316\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b<\/li><\/ul>\n\n\n\n
\u5f8c\u8ff0\u306e
ktpass<\/code> \u3067 AES256-SHA1 \u3092\u6307\u5b9a\u3059\u308b\u305f\u3081\u3001AES 256 \u30d3\u30c3\u30c8\u6697\u53f7\u5316\u306e\u30b5\u30dd\u30fc\u30c8\u3092\u6709\u52b9\u306b\u3057\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u6307\u5b9a\u3057\u306a\u3044\u5834\u5408\u306f RC4 \u3067\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\u306e\u305f\u3081\u4eca\u5f8c\u975e\u63a8\u5968\u306b\u306a\u308b\u4e88\u5b9a\u3067\u3059\u3002<\/span><\/p>\n<\/div>\n\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n<\/div>\n<\/div>\n\n\n\n\u0110\u0103ng k\u00fd SPN v\u1edbi t\u00e0i kho\u1ea3n d\u1ecbch v\u1ee5<\/h4>\n\n\n\n
setspn -S HTTP\/test.chat-messenger.com CAMTEST\\cam-svc<\/code><\/pre><\/div>\n\n\n\n\u0110\u0103ng k\u00fd SPN b\u1eb1ng t\u00e0i kho\u1ea3n d\u1ecbch v\u1ee5 \u0111\u00e3 t\u1ea1o \u1edf tr\u00ean.<\/p>\n\n\n\n
- C\u00f3 th\u1ec3 s\u1eed d\u1ee5ng b\u1ea5t k\u1ef3 thi\u1ebft b\u1ecb \u0111\u1ea7u cu\u1ed1i n\u00e0o l\u00e0 m\u1ed9t ph\u1ea7n c\u1ee7a mi\u1ec1n. Tuy nhi\u00ean, c\u1ea7n c\u00f3 quy\u1ec1n qu\u1ea3n tr\u1ecb vi\u00ean mi\u1ec1n.
\u30fbSPN c\u0169ng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng trong giao ti\u1ebfp HTTPS.HTTP\/t\u00ean m\u00e1y ch\u1ee7<\/code>B\u1ea1n ph\u1ea3i \u0111\u0103ng k\u00fd theo m\u1eabu sau:<\/p>\n\n\n\n\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067SPN\u304c\u767b\u9332\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
setspn -L CAMTEST\\cam-svc<\/code><\/pre><\/div>\n\n\n\nkeytab\u4f5c\u6210<\/h3>\n\n\n\n
CAMServer\u304cKerberos\u30c1\u30b1\u30c3\u30c8\u3092\u691c\u8a3c\u3067\u304d\u308b\u3088\u3046\u306b\u3001\u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u306ekeytab\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002Active Directory\u7ba1\u7406\u30b5\u30fc\u30d0\u3067\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
ktpass \/out CAMServer\\config\\windowsAuth\\cam.keytab \/princ HTTP\/test.chat-messenger.com@CAMTEST.COM \/mapuser CAMTEST\\cam-svc \/ptype KRB5_NT_PRINCIPAL \/crypto AES256-SHA1 \/pass "*******"<\/code><\/pre><\/div>\n\n\n\nCAMServer \u8a2d\u5b9a<\/h3>\n\n\n\n
Windows\u8a8d\u8a3c\u3092\u5229\u7528\u3059\u308b\u305f\u3081\u306b\u3001CAMServer\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\uff08boot.ini\uff09\u3078\u4ee5\u4e0b\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002\u5404\u5024\u306f\u74b0\u5883\u6bce\u306b\u7f6e\u304d\u63db\u3048\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n
# Kerberos \u30ec\u30eb\u30e0\uff08\u901a\u5e38\u306f Active Directory \u30c9\u30e1\u30a4\u30f3\u540d\u3092\u5927\u6587\u5b57\u3067\u6307\u5b9a\uff09\n# \u4f8b: camtest.com \u30c9\u30e1\u30a4\u30f3 \u2192 CAMTEST.COM\ncam.windowsAuth.realm=CAMTEST.COM\n\n# Windows\u8a8d\u8a3c\u3092\u884c\u3046FQDN\ncam.windowsAuth.FQDN=test.chat-messenger.com\n\n# Kerberos KDC\n# \u901a\u5e38\u306f Active Directory \u306e\u30c9\u30e1\u30a4\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306eFQDN\u3002\u30dd\u30fc\u30c8TCP\/UDP 88 \u306f Kerberos \u6a19\u6e96\u30dd\u30fc\u30c8\u3067\u30ea\u30c3\u30b9\u30f3\u3055\u308c\u3066\u3044\u308b\ncam.windowsAuth.kdc=ad.camtest.com:88\n<\/code><\/pre><\/div>\n\n\n\n\u0110\u1eb7t t\u00f9y ch\u1ecdn Internet<\/h3>\n\n\n\n
\n\nCAMServer \u306eFQDN\u3092\u30a4\u30f3\u30c8\u30e9\u30cd\u30c3\u30c8\u30be\u30fc\u30f3\u306b\u8ffd\u52a0 <\/h4>\n\n\n\n
\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8 \u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u9078\u629e\u3057\u3001\u300c\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u300d\u30bf\u30d6\u3092\u30af\u30ea\u30c3\u30af\u3057\u3001\u300c\u30ed\u30fc\u30ab\u30eb \u30a4\u30f3\u30c8\u30e9\u30cd\u30c3\u30c8\u300d\u3092\u9078\u629e \u300c\u30b5\u30a4\u30c8\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u3001\u300c\u8a73\u7d30\u8a2d\u5b9a\u300d\u3092\u9078\u629e\u3057\u30b5\u30a4\u30c8\u306eURL(https:\/\/test.chat-messenger.com)\u3092\u8ffd\u52a0<\/p>\n\n\n\n
Ki\u1ec3m tra \u0111\u0103ng nh\u1eadp t\u1ef1 \u0111\u1ed9ng <\/h4>\n\n\n\n
Nh\u1ea5p v\u00e0o "C\u1ea5p t\u00f9y ch\u1ec9nh" v\u00e0 trong "X\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng" \u2192 "\u0110\u0103ng nh\u1eadp", \u0111\u1ea3m b\u1ea3o "\u0110\u0103ng nh\u1eadp t\u1ef1 \u0111\u1ed9ng trong v\u00f9ng m\u1ea1ng n\u1ed9i b\u1ed9" \u0111\u01b0\u1ee3c ch\u1ecdn.<\/p>\n\n\n\n
C\u00e0i \u0111\u1eb7t n\u00e0y l\u00e0 b\u1eaft bu\u1ed9c tr\u00ean t\u1ea5t c\u1ea3 c\u00e1c thi\u1ebft b\u1ecb \u0111\u1ea7u cu\u1ed1i m\u00e1y kh\u00e1ch c\u1ee7a ng\u01b0\u1eddi d\u00f9ng C&M nh\u01b0ng n\u00f3 c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c qu\u1ea3n l\u00fd t\u1eadp trung b\u1eb1ng B\u1ea3ng \u0111i\u1ec1u khi\u1ec3n qu\u1ea3n l\u00fd ch\u00ednh s\u00e1ch nh\u00f3m.<\/span><\/p>\n<\/div>\n\n\n\n
\n<\/figure>\n\n\n\n<\/figure>\n<\/div>\n<\/div>\n\n\n\nIIS\u306e\u7d71\u5408Windows\u8a8d\u8a3c\u3092\u4f7f\u3063\u305fSSO\u304b\u3089\u306e\u79fb\u884c<\/h2>\n\n\n\n
- IIS\u6a5f\u80fd\u306e\u30a2\u30f3\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\uff08\u30b5\u30fc\u30d0\u30fc\u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u306e \u300c\u7ba1\u7406\u300d>\u300c\u5f79\u5272\u3068\u6a5f\u80fd\u306e\u524a\u9664\u300d<\/li>
- ASP.NET Core Hosting Bundle \u306e\u30a2\u30f3\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/li>
- \u30b5\u30fc\u30d3\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u306b\u300c\u3053\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u3067 Kerberos AES 256 \u30d3\u30c3\u30c8\u6697\u53f7\u5316\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b<\/a>\u300d\u30c1\u30a7\u30c3\u30af<\/li>
- keytab <\/a>t\u1ea1o n\u00ean<\/li>
- \u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8 \u30aa\u30d7\u30b7\u30e7\u30f3\u306e\u8a2d\u5b9a\u3067\u3001\u30a4\u30f3\u30c8\u30e9\u30cd\u30c3\u30c8\u30be\u30fc\u30f3\u306b\u8ffd\u52a0 CAMServer \u306eFQDN\u3092\u8ffd\u52a0\uff08\u672a\u8ffd\u52a0\u306e\u5834\u5408\uff09<\/li>
- \u00a0\u30ed\u30fc\u30c9\u30d0\u30e9\u30f3\u30b5\u30fc\u304cL7\u3067 CAMServer \u3068\u9023\u643a\u3057\u3066\u3044\u305f\u5834\u5408\u306f\u3001CAMServer \u306b\uff33SL\u8a3c\u660e\u66f8\u3092\u914d\u7f6e\u3057L4\u3067\u9023\u643a<\/li><\/ol>","protected":false},"excerpt":{"rendered":"
\u6982\u8981 Active Directory \u74b0\u5883\u3067\u306f\u3001\u7d71\u5408 Windows \u8a8d\u8a3c\uff08Kerberos\uff09 \u3092\u5229\u7528\u3059\u308b\u3053 […]<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"swell_btn_cv_data":""},"categories":[17],"tags":[],"_links":{"self":[{"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/posts\/12579"}],"collection":[{"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/comments?post=12579"}],"version-history":[{"count":10,"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/posts\/12579\/revisions"}],"predecessor-version":[{"id":12676,"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/posts\/12579\/revisions\/12676"}],"wp:attachment":[{"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/media?parent=12579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/categories?post=12579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chat-messenger.com\/vi\/wp-json\/wp\/v2\/tags?post=12579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- keytab <\/a>t\u1ea1o n\u00ean<\/li>
- Active Directory \u30c9\u30e1\u30a4\u30f3\u540d\uff1a
- Windows\u8a8d\u8a3c\u3092\u884c\u3046FQDN\uff1a
- Ultimate \u30d7\u30e9\u30f3<\/a>\u3092\u5229\u7528\u3057\u3066\u3044\u308b\u3053\u3068<\/li>
- \u8a8d\u8a3c\u8981\u6c42<\/strong>