{"id":43470,"date":"2021-08-05T14:00:49","date_gmt":"2021-08-05T05:00:49","guid":{"rendered":"https:\/\/www.creationline.com\/?p=43470"},"modified":"2021-11-19T05:20:04","modified_gmt":"2021-11-18T20:20:04","slug":"keycloak14-0-0%e3%81%a7%e8%a9%a6%e3%81%99-openid-connect-ciba%e3%80%80keycloak-ciba-oauth-oidc","status":"publish","type":"post","link":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470","title":{"rendered":"Keycloak(14.0.0)\u3067\u8a66\u3059 OpenID Connect CIBA\u3000#keycloak #ciba #oauth #oidc"},"content":{"rendered":"<h2>1. \u76ee\u6b21<\/h2>\n<hr \/>\n<ol>\n<li>\u76ee\u6b21<\/li>\n<li>\u6982\u8981<\/li>\n<li>CIBA(\u30b7\u30fc\u30d0)\u3068\u306f\u4f55\u304b\uff1f<\/li>\n<li>\u4eca\u56de\u8a66\u3059\u5168\u4f53\u50cf\u306e\u8aac\u660e<\/li>\n<li>\u4eca\u56de\u4f7f\u3046\u74b0\u5883\u306e\u8aac\u660e<\/li>\n<li>CIBA\u3092\u691c\u8a3c\u3059\u308b\u305f\u3081\u306e\u691c\u8a3c\u7528\u30c7\u30fc\u30bf\u306e\u4f5c\u6210\u30fb\u78ba\u8a8d<\/li>\n<li>\u30ea\u30af\u30a8\u30b9\u30c8\u30d9\u30fc\u30b9\u3067\u306e\u89e3\u8aac<\/li>\n<li>\n<div>\n<div>\u5f8c\u66f8\u304d<\/div>\n<\/div>\n<div><\/div>\n<\/li>\n<\/ol>\n<h2>2. \u6982\u8981<\/h2>\n<hr \/>\n<p>shiba \u30c1\u30fc\u30e0\u306e\u4e2d\u6751\u3067\u3059\u3002\u4eca\u56de\u306f6\u670818\u65e5\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f Keycloak14.0.0 \u3092\u7528\u3044\u3066OpenID Connect Client Initiated Backchannel Authentication(CIBA)\u3092\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\u3002<\/p>\n<p>CIBA\u306e\u30b5\u30dd\u30fc\u30c8\u306fKeycloak\u306e\u30d0\u30fc\u30b8\u30e7\u30f313.0.0\u304b\u3089\u6709\u52b9\u5316\u3055\u308c\u307e\u3057\u305f\u304c\u3001\u73fe\u5728\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30d7\u30ec\u30d3\u30e5\u30fc\u306e\u72b6\u614b\u3067\u3042\u308a\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u7121\u52b9\u3067\u3042\u3063\u305f\u308a\u3001\u7ba1\u7406\u753b\u9762\u306eGUI\u4e0a\u306e\u5909\u66f4\u3060\u3051\u3067\u306f\u8a2d\u5b9a\u3067\u304d\u306a\u3044\u9805\u76ee\u306a\u3069\u304c\u3042\u3063\u305f\u306e\u3067\u3001\u7686\u3055\u3093\u3078\u306e\u5171\u6709\u306e\u305f\u3081\u306b\u3053\u306e\u8a18\u4e8b\u3092\u4f5c\u6210\u3057\u307e\u3057\u305f\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/www.keycloak.org\/2021\/05\/keycloak-1300-released.html\">Keycloak 13.0.0 released<\/a><\/li>\n<li><a href=\"https:\/\/www.keycloak.org\/2021\/06\/keycloak-1400-released.html\">Keycloak 14.0.0 released<\/a><\/li>\n<\/ul>\n<h3>\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3059\u308b\u7b87\u6240<\/h3>\n<p>\u307e\u305f\u3001\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f\u4e3b\u306b\u4e0b\u8a18\u306e\u90e8\u5206\u306b\u3064\u3044\u3066\u89e3\u8aac\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<ul>\n<li>Keycloak\u3067CIBA\u3092\u6709\u52b9\u306b\u3059\u308b\u8a2d\u5b9a<\/li>\n<li>Keycloak\u3067CIBA\u3092\u8a66\u3059\u969b\u306e\n<ul>\n<li>\u5909\u66f4\u30fb\u78ba\u8a8d\u304c\u7279\u306b\u5fc5\u8981\u306a\u8a2d\u5b9a<\/li>\n<li>\u7c21\u6613\u30b7\u30fc\u30b1\u30f3\u30b9\u56f3<\/li>\n<li>curl\u30b3\u30de\u30f3\u30c9\u306e\u30b5\u30f3\u30d7\u30eb \u53ca\u3073 \u5404\u30d5\u30a3\u30fc\u30eb\u30c9\u306e\u8aac\u660e<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3057\u306a\u3044\u7b87\u6240<\/h3>\n<p>\u4e0b\u8a18\u306e\u5185\u5bb9\u306b\u3064\u3044\u3066\u306f\u8a73\u7d30\u306a\u89e3\u8aac\u306f\u5272\u611b\u3055\u305b\u3066\u3044\u305f\u3060\u304d\u307e\u3059\u3002\u53c2\u8003\u306b\u306a\u308b\u516c\u5f0f\u306e\u30ea\u30f3\u30af\u3092\u8cbc\u3063\u3066\u304a\u3044\u305f\u306e\u3067\u5fc5\u8981\u306b\u5fdc\u3058\u3066\u78ba\u8a8d\u304a\u9858\u3044\u3057\u307e\u3059\u3002<\/p>\n<ul>\n<li>Keycloak\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3067\u660e\u3089\u304b\u306b\u660e\u78ba\u306a\u624b\u9806\u306e\u8a73\u7d30\u306a\u89e3\u8aac\n<ul>\n<li><a href=\"https:\/\/www.keycloak.org\/docs\/latest\/getting_started\/index.html#logging-into-the-admin-console\">\u7ba1\u7406\u30b3\u30f3\u30bd\u30fc\u30eb\u3078\u306e\u30ed\u30b0\u30a4\u30f3<\/a><\/li>\n<li><a href=\"https:\/\/www.keycloak.org\/docs\/latest\/getting_started\/index.html#creating-a-realm\">\u30ec\u30eb\u30e0\u306e\u4f5c\u6210\u65b9\u6cd5<\/a><\/li>\n<li><a href=\"https:\/\/www.keycloak.org\/docs\/latest\/getting_started\/index.html#creating-a-user\">\u30e6\u30fc\u30b6\u30fc\u306e\u4f5c\u6210\u65b9\u6cd5 <\/a><\/li>\n<li><a href=\"https:\/\/www.keycloak.org\/docs\/latest\/getting_started\/index.html#registering-the-wildfly-application\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u4f5c\u6210\u65b9\u6cd5<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/railsguides.jp\/getting_started.html\">\u88dc\u52a9\u3068\u306a\u308b Rails \u306e\u7c21\u6613\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u5b9f\u88c5\u65b9\u6cd5<\/a><\/li>\n<li><a href=\"https:\/\/docs.docker.com\/\">Docker \u53ca\u3073Docker Compose \u306e\u8aac\u660e<\/a><\/li>\n<\/ul>\n<h2>3. CIBA(\u30b7\u30fc\u30d0)\u3068\u306f\u4f55\u304b\uff1f<\/h2>\n<hr \/>\n<p>CIBA\u3068\u306f\u3001OpenID Connect Client Initiated Backchannel Authentication \u306e\u7565\u79f0\u3067\u3042\u308a\u3001OpenIDFoundation\u306e MODRNA(Mobile Operator Discovery, Registration &amp; autheNticAtion)\u306e\u30ef\u30fc\u30ad\u30f3\u30b0\u30b0\u30eb\u30fc\u30d7\u306b\u3088\u3063\u3066\u4f5c\u3089\u308c\u305f\u4ed5\u69d8\u3067\u3059\u3002<\/p>\n<p>\u8a8d\u8a3c\u3057\u305f\u3044\u30e6\u30fc\u30b6\u306e\u6709\u52b9\u306a\u8b58\u5225\u5b50\u3092\u53d6\u5f97\u3067\u304d\u308bRP\u304c\u3001\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u3068\u306e\u5bfe\u8a71(\u30e6\u30fc\u30b6\u30fc\u306e\u30d6\u30e9\u30a6\u30b6\u306a\u3069\u3092\u4ecb\u3057\u3066\u306e\u5bfe\u8a71\u306a\u3069)\u3092\u884c\u308f\u305a\u306b\u3001\u30e6\u30fc\u30b6\u3092\u8a8d\u8a3c\u3059\u308b\u305f\u3081\u306e\u5bfe\u8a71\u30d5\u30ed\u30fc\u3092\u958b\u59cb\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b\u305f\u3081\u306e\u3001\u65b0\u3057\u3044\u8a8d\u8a3c\u30d5\u30ed\u30fc\u3067\u3059\u3002<\/p>\n<p>\u3053\u306e\u4ed5\u69d8\u306f\u30d1\u30d6\u30ea\u30c3\u30af\u30ec\u30d3\u30e5\u30fc\u671f\u9593\u304c2018\u5e7412\u670814\u65e5\u306b\u958b\u59cb\u3055\u308c\u30012019\u5e742\u67084\u65e5\u306b Implementer's Draft\u3068\u3057\u3066\u627f\u8a8d\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n<p>\u3053\u306e\u4ed5\u69d8\u3092\u3056\u3063\u304f\u308a\u8aac\u660e\u3059\u308b\u3068\u3001\u4e0b\u8a18\u306e\u3088\u3046\u306a\u6d41\u308c\u3092\u53d6\u308a\u307e\u3059\u3002<\/p>\n<ol>\n<li>\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306fOP\u306e\u30d0\u30c3\u30af\u30c1\u30e3\u30cd\u30eb\u8a8d\u8a3c\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u8a8d\u8a3c\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1\u3002<\/li>\n<li>\u53d7\u4fe1\u3057\u305fOP\u306f\u30d0\u30c3\u30af\u30b0\u30e9\u30a6\u30f3\u30c9\u3067\u30e6\u30fc\u30b6\u30fc\u3092\u8a8d\u8a3c\u3057\u3088\u3046\u3068\u3057\u3001\u8a8d\u8a3c\u3092\u8b58\u5225\u3059\u308b\u4e00\u610f\u306e\u8b58\u5225\u5b50\u3092\u8fd4\u5374\u3002<\/li>\n<li>\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306f polling\u3001ping\u3001push \u306e\u3044\u305a\u308c\u304b\u306e\u65b9\u6cd5\u3067\u3001ID\u30c8\u30fc\u30af\u30f3\u3001\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3001\u30aa\u30d7\u30b7\u30e7\u30ca\u30eb\u3067\u5834\u5408\u306b\u3088\u3063\u3066\u306f\u66f4\u65b0\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3002<\/li>\n<\/ol>\n<p>\u3088\u308a\u8a73\u3057\u3044\u8a73\u7d30\u306f\u3053\u3061\u3089\u3092\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/openid.net\/specs\/openid-client-initiated-backchannel-authentication-core-1_0.html\">OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0 draft-04<\/a><\/li>\n<\/ul>\n<h2>4. \u4eca\u56de\u8a66\u3059\u5168\u4f53\u50cf\u306e\u8aac\u660e<\/h2>\n<hr \/>\n<p>\u6b21\u306b\u4eca\u56de\u8a66\u3059\u5168\u4f53\u50cf\u3092\u3054\u8aac\u660e\u3057\u307e\u3059\u3002<\/p>\n<p>\u4eca\u56de\u306fKeycloak\u3067CIBA\u306e\u30dd\u30fc\u30ea\u30f3\u30b0\u30e2\u30fc\u30c9\u3092\u7528\u3044\u3066\u691c\u8a3c\u3057\u307e\u3059\u3002\u30dd\u30fc\u30ea\u30f3\u30b0\u30e2\u30fc\u30c9\u3067\u4eca\u56de\u8a66\u3059\u51e6\u7406\u306e\u7c21\u6613\u306e\u30b7\u30fc\u30b1\u30f3\u30b9\u56f3\u304c\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<h2><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46464 size-full\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/CIBA-sequence.jpg\" alt=\"\" width=\"640\" height=\"556\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/CIBA-sequence.jpg 640w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/CIBA-sequence-360x313.jpg 360w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/h2>\n<p>\u4e0a\u8a18\u306e\u30dd\u30fc\u30ea\u30f3\u30b0\u3067\u3084\u308a\u3068\u308a\u3059\u308b\u30b1\u30fc\u30b9\u306e\u30b7\u30fc\u30b1\u30f3\u30b9\u306e\u4e2d\u3067\u7dd1\u8272\u306e\u70b9\u7dda\u306b\u56f2\u307e\u308c\u305f\u7b87\u6240\u304cCIBA\u306b\u8a72\u5f53\u3059\u308b\u90e8\u5206\u3067\u3001\u4e3b\u306b\u4e0b\u8a18\u306e2\u7b87\u6240\u3067\u3059\u3002<\/p>\n<ul>\n<li><em>Authentication Request<\/em> \u3068\u305d\u306e\u30ec\u30b9\u30dd\u30f3\u30b9<\/li>\n<li><em>Token Request<\/em> \u3068\u305d\u306e\u30ec\u30b9\u30dd\u30f3\u30b9<\/li>\n<\/ul>\n<p>\u3067\u306f\u305d\u308c\u4ee5\u5916\u306e\u4e0b\u8a18\u306f\u306a\u306b\u304b\u3068\u3044\u3046\u3068\u3001Keycloak\u5074\u306e\u4ed5\u69d8\u3067\u3059\u3002<\/p>\n<ul>\n<li><em>Authentication Delegation Request<\/em>\u3068\u305d\u306e\u30ec\u30b9\u30dd\u30f3\u30b9<\/li>\n<li><em>Authentication Result Notification<\/em> \u3068\u305d\u306e\u30ec\u30b9\u30dd\u30f3\u30b9<\/li>\n<\/ul>\n<p>\u3068\u3044\u3046\u306e\u3082\u305d\u3082\u305d\u3082CIBA\u306f\u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u306e\u8a8d\u8a3c\u3092\u958b\u59cb\u3059\u308b\u65b9\u6cd5\u306f\u4ed5\u69d8\u3068\u3057\u3066\u5b9a\u7fa9\u3057\u3066\u304a\u308a\u307e\u3059\u304c\u3001\u30e6\u30fc\u30b6\u30fc\u3092\u3069\u306e\u3088\u3046\u306b\u8a8d\u8a3c\u3059\u308b\u304b\u3068\u3044\u3046\u3053\u3068\u306f\u5b9a\u7fa9\u3057\u3066\u304a\u308a\u307e\u305b\u3093\u3002<\/p>\n<p>\u307e\u305f\u3001\u4eca\u56de\u306e\u30d5\u30ed\u30fc\u3067\u306f\u30e6\u30fc\u30b6\u30fc\u8a8d\u8a3c\u306e\u90e8\u5206\u3092\u30b9\u30ad\u30c3\u30d7\u3057\u3001\u8a8d\u8a3c\u3057\u305f\u3082\u306e\u3068\u3057\u3066 \u8a8d\u8a3c\u7d50\u679c\u3092\u901a\u77e5\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8(\u56f3\u3067\u306e <em>Authentication Result Notification<\/em>)\u3092\u9001\u3063\u3066\u8a66\u3057\u307e\u3059\u3002<\/p>\n<p>\u52ff\u8ad6\u3088\u304f\u805e\u304f\u3088\u3046\u306a\u30d7\u30c3\u30b7\u30e5\u901a\u77e5\u3092\u9001\u308a\u3001\u78ba\u8a8d\u3055\u308c\u305f\u3089 <em>Authentication Result Notification<\/em> \u3092\u9001\u308b\u3088\u3046\u306a\u5b9f\u88c5\u3082\u8003\u3048\u3089\u308c\u307e\u3059(\u3053\u3061\u3089\u306f\u5225\u9014\u8a18\u4e8b\u5316\u3059\u308b\u304b\u3082\u3057\u308c\u307e\u305b\u3093)\u3002\u3067\u3059\u304c\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f\u4e00\u65e6CIBA\u90e8\u5206\u306b\u3060\u3051\u7d5e\u3063\u3066\u304a\u8a71\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<h2>5. \u4eca\u56de\u4f7f\u3046\u74b0\u5883\u306e\u8aac\u660e<\/h2>\n<hr \/>\n<div>\n<div>\u3067\u306f\u307e\u305a\u4eca\u56de\u8a66\u3057\u305f\u74b0\u5883\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/div>\n<div><\/div>\n<div>\u4eca\u56de\u306fdocker\u74b0\u5883\u3067\u8a66\u3057\u307e\u3057\u305f\u3002keycloak\u306e\u30a4\u30e1\u30fc\u30b8\u306f <em>jboss\/keycloak<\/em> \u3092\u7528\u3044\u3066\u3001\u8a8d\u8a3c\u7528\u306e\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u3068\u3057\u3066\u306f\u4eee\u3067Ruby + Rails\u3067\u7c21\u6613\u306eAPI\u3092\u5b9f\u88c5\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/div>\n<div><\/div>\n<div>\u3053\u3053\u3067\u4f8b\u3068\u306a\u308bdocker-compose\u306e\u8a2d\u5b9a\u4f8b\u3092\u8a18\u8f09\u3057\u307e\u3059\u3002<\/div>\n<div>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"dockerfile\">version: '3.8'\r\n\r\nservices:\r\n  keycloak:\r\n    container_name: keycloak\r\n    image: jboss\/keycloak:14.0.0\r\n    command: -b 0.0.0.0 -Dkeycloak.profile.feature.ciba=enabled\r\n    ports:\r\n      - \"8088:8080\"\r\n    volumes:\r\n      - .\/docker\/keycloak\/demo-config\/standalone-ha.xml:\/opt\/jboss\/keycloak\/standalone\/configuration\/standalone-ha.xml\r\n    environment:\r\n      KEYCLOAK_USER: admin\r\n      KEYCLOAK_PASSWORD: password\r\n  \r\n  authn-server:\r\n    container_name: authn-server\r\n    build:\r\n      context: .\/docker\/authn-server\r\n    command: bash -c \"rm -f tmp\/pids\/server.pid &amp;&amp; bundle e rails s -p 3000 -b '0.0.0.0'\"\r\n    ports:\r\n      - 3000:3000\r\n    volumes:\r\n      - .\/docker\/authn-server:\/my_app<\/pre>\n<p>\u4e0a\u8a18\u306edocker-compose\u306e\u8a2d\u5b9a\u306b\u306f2\u70b9\u30dd\u30a4\u30f3\u30c8\u304c\u3042\u308a\u3001\u3053\u308c\u3089\u306b\u3064\u3044\u3066\u9806\u756a\u306b\u89e3\u8aac\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<\/div>\n<div>\n<ol>\n<li>CIBA\u3092\u6709\u52b9\u5316\u3059\u308b\u305f\u3081\u306e\u8a2d\u5b9a<\/li>\n<li>Authentication Channel Provider\u306e\u8a2d\u5b9a<\/li>\n<\/ol>\n<p>authn-server\u3068\u3044\u3046\u306e\u306f Authentication entity\u306e\u5f79\u76ee\u306f\u4e0b\u8a18\u306e3\u3064\u3067\u3059\u3002<\/p>\n<ul>\n<li>keycloak \u304b\u3089<em>\u00a0Authentication Delegation Request \u3068\u3044\u3046\u8a8d\u8a3c\u3092\u59d4\u4efb\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8<\/em>\u3092\u53d7\u3051\u308b\u3002<\/li>\n<li>\u4efb\u610f\u306e\u8a8d\u8a3c\u3092\u884c\u3046<br \/>\n\u203b \u672c\u8cc7\u6599\u3067\u306f\u884c\u3044\u307e\u305b\u3093<\/li>\n<li>keycloak \u306b Authentication Result Notification \u3068\u3044\u3046\u8a8d\u8a3c\u7d50\u679c\u3092\u901a\u77e5\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1\u3059\u308b\u3002<br \/>\n\u203b \u672c\u8cc7\u6599\u3067\u306f\u691c\u8a3c\u306e\u305f\u3081\u3001curl\u3067\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1\u3057\u307e\u3059\u306e\u3067\u3053\u306e\u6a5f\u80fd\u306f\u4e0d\u8981\u3067\u3059\u3002<\/li>\n<\/ul>\n<p>Keycloak\u306eCIBA\u5bfe\u5fdc\u90e8\u5206\u3092\u8a66\u3059\u305f\u3081\u3060\u3051\u306a\u3089\u3070\u3001\u6975\u3081\u3066\u30b7\u30f3\u30d7\u30eb\u306a\u51e6\u7406\u3057\u304b\u8981\u6c42\u3055\u308c\u306a\u3044\u305f\u3081\u4efb\u610f\u306e\u8a00\u8a9e\u3084\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3092\u4f7f\u3063\u3066\u5b9f\u88c5\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>\u5b9f\u88c5\u306b\u5fc5\u8981\u306a\u8981\u4ef6\u306a\u3069\u306f\u5f8c\u306e\u7ae0\u306e<em>\u00a0 7. \u30ea\u30af\u30a8\u30b9\u30c8\u30d9\u30fc\u30b9\u3067\u306e\u89e3\u8aac<\/em> \u306e\u4e2d\u306e <em>\u2463 Response (\u2462 Authentication Delegation Request \u306e\u30ec\u30b9\u30dd\u30f3\u30b9) <\/em>\u306e\u4e2d\u3067\u8aac\u660e\u3057\u307e\u3059\u3002<\/p>\n<h3>CIBA\u3092\u6709\u52b9\u306b\u3059\u308b\u305f\u3081\u306e\u8a2d\u5b9a<\/h3>\n<p>Keycloak\u3067\u306fCIBA\u306e\u6a5f\u80fd\u306f\u73fe\u5728<strong>\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30d7\u30ec\u30d3\u30e5\u30fc\u72b6\u614b<\/strong>\u3067\u3042\u308a\u3001 <strong>\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u7121\u52b9<\/strong> \u3068\u306a\u3063\u3066\u3044\u308b\u305f\u3081\u3001\u3053\u308c\u3092<strong>\u6709\u52b9\u5316\u3059\u308b\u6642\u306f\u8a2d\u5b9a\u304c\u5fc5\u8981<\/strong>\u3067\u3059\u3002<\/p>\n<p>\u3053\u306e\u8a2d\u5b9a\u3092\u6709\u52b9\u306b\u3059\u308b\u306b\u306f2\u3064\u306e\u65b9\u6cd5\u304c\u3042\u308a\u307e\u3059\u3002<br \/>\n<strong><em>-Dkeycloak.profile.feature.ciba=enabled<\/em><\/strong> \u306e\u3088\u3046\u306bCIBA\u306e\u8a2d\u5b9a\u3060\u3051\u6709\u52b9\u5316\u3059\u308b<br \/>\n<strong><em>-Dkeycloak.profile=preview<\/em><\/strong> \u306e\u3088\u3046\u306b preview \u6a5f\u80fd\u3092\u6709\u52b9\u5316\u3059\u308b<\/p>\n<p>\u4eca\u56de\u306edocker-compose\u3067\u306f\u4e0a\u8a18\u306e\u65b9\u6cd5\u306e\u3046\u3061\u524d\u8005\u306e\u8a2d\u5b9a\u3092\u884c\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u3088\u308a\u8a73\u3057\u3044\u8a73\u7d30\u306f\u3053\u3061\u3089\u3092\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/www.keycloak.org\/docs\/latest\/server_admin\/#_client_initiated_backchannel_authentication_grant\">Keycloak: Client Initiated Backchannel Authentication Grant<\/a><\/li>\n<\/ul>\n<h3>Authentication Channel Provider\u306e\u8a2d\u5b9a<\/h3>\n<p>Keycloak\u3067 CIBA \u3092\u4f7f\u3046\u6642\u306f\u4e0b\u8a182\u3064\u306e\u30d7\u30ed\u30d1\u30a4\u30c0\u30fc\u3092\u5229\u7528\u3057\u307e\u3059\u3002<\/p>\n<ul>\n<li><strong>Authentication Channel Provider<\/strong><br \/>\nKeycloak\u3068AD\u3092\u4ecb\u3057\u3066\u5b9f\u969b\u306b\u5229\u7528\u8005\u3092\u8a8d\u8a3c\u3059\u308b\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u3068\u306e\u9593\u306e\u30b3\u30df\u30e5\u30cb\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u63d0\u4f9b\u3002<\/li>\n<li><strong>User Resolver Provider<\/strong><br \/>\n\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304b\u3089\u63d0\u4f9b\u3055\u308c\u305f\u60c5\u5831\u304b\u3089Keycloak\u306eUserModel\u3092\u53d6\u5f97\u3057\u3001\u30e6\u30fc\u30b6\u3092\u8b58\u5225\u3002<\/li>\n<\/ul>\n<p>Keycloak\u306b\u306f\u4e21\u65b9\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u304c\u6e96\u5099\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001<strong>\u8a8d\u8a3c\u30c1\u30e3\u30cd\u30eb\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u306e\u307f\u8a2d\u5b9a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059<\/strong>\u3002<\/p>\n<p>\u516c\u5f0f\u306e\u8a2d\u5b9a\u4f8b\u3092\u898b\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"xml\">&lt;spi name=\"ciba-auth-channel\"&gt;\r\n    &lt;default-provider&gt;ciba-http-auth-channel&lt;\/default-provider&gt;\r\n    &lt;provider name=\"ciba-http-auth-channel\" enabled=\"true\"&gt;\r\n        &lt;properties&gt;\r\n            &lt;property name=\"httpAuthenticationChannelUri\" value=\"https:\/\/backend.internal.example.com\/auth\"\/&gt;\r\n        &lt;\/properties&gt;\r\n    &lt;\/provider&gt;\r\n&lt;\/spi&gt;<\/pre>\n<div>\n<div>\u3053\u306e\u8a2d\u5b9a\u306e\u4e2d\u3067\u5909\u66f4\u304c\u5fc5\u8981\u306a\u9805\u76ee\u306f\u3001<em>httpAuthenticationChannelUri<\/em> \u3067\u3059\u3002\u3053\u306e\u9805\u76ee\u306fAD\uff08Authentication Device\uff09\u3092\u4ecb\u3057\u3066\u30e6\u30fc\u30b6\u30fc\u3092\u5b9f\u969b\u306b\u8a8d\u8a3c\u3059\u308b\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u306eURI\u3067\u3001<strong>\u5b9f\u969b\u306b\u691c\u8a3c\u3092\u884c\u3046\u5834\u5408\u306a\u3069\u306f\u3053\u306e\u5024\u3092\u6307\u5b9a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/strong>\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f<em>https:\/\/backend.internal.example.com\/auth<\/em> \u306b\u306a\u3063\u3066\u304a\u308a\u307e\u3059\u3002<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div><\/div>\n<p>\u3088\u308a\u8a73\u3057\u3044\u8a73\u7d30\u306f\u3053\u3061\u3089\u3092\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/www.keycloak.org\/docs\/latest\/server_admin\/#provider-setting\">Keycloak: provider-setting\u00a0<\/a><\/li>\n<\/ul>\n<div><\/div>\n<div>\n<div>\n<div>\n<div>\u3067\u306f\u3053\u306e\u8a2d\u5b9a\u3092\u3069\u3053\u3067\u8a2d\u5b9a\u3059\u308b\u304b\u3068\u3044\u3046\u3068\u3001<em>standalone-ha.xml<\/em>\u3092\u66f8\u304d\u63db\u3048\u308b\u3053\u3068\u3067\u8a66\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002\u3053\u308c\u306f jboss\/keycloak \u306edocker\u306e\u30a4\u30e1\u30fc\u30b8\u3067\u306f <em>docker-entrypoint.sh<\/em> \u306e\u4e2d\u3067\u3001\u30b5\u30fc\u30d0\u30fc\u69cb\u6210\u306e\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u3092\u6e21\u3055\u306a\u3044\u5834\u5408\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f <em>standalone-ha.xml<\/em> \u3092\u4f7f\u7528\u3059\u308b\u305f\u3081\u3067\u3059\u3002<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div><\/div>\n<div>\n<p>\u53c2\u8003:<\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/keycloak\/keycloak-containers\/blob\/master\/server\/README.md#running-custom-scripts-on-startup\">keycloak-containers README<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/keycloak\/keycloak-containers\/blob\/master\/server\/tools\/docker-entrypoint.sh#L102-L105\">docker-entrypoint.sh<\/a><\/li>\n<\/ul>\n<p>\u4f8b\u793a\u3057\u305fdocker-compose\u3067\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306b volumes \u3067 <em>standalone-ha.xml<\/em> \u3092\u66f8\u304d\u63db\u3048\u3066\u3044\u307e\u3059\u304c\u3001\u9069\u5b9c\u81ea\u5206\u306e\u8a2d\u5b9a\u3067\u7f6e\u304d\u63db\u3048\u308b\u7528\u306b\u8a2d\u5b9a\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"dockerfile\">volumes:\r\n  - .\/docker\/keycloak\/demo-config\/standalone-ha.xml:\/opt\/jboss\/keycloak\/standalone\/configuration\/standalone-ha.xml<\/pre>\n<p>\u3067\u306f\u3069\u3093\u306a\u98a8\u306b\u66f8\u304d\u63db\u3048\u308b\u304b\u3068\u3044\u3046\u3068\u3001\u4e0b\u8a18\u306e <em>&lt;subsystem xmlns=\"urn:jboss:domain:keycloak-server:1.1\"&gt;<\/em>\u306e\u8981\u7d20\u306e\u4e2d\u306b\u8a72\u5f53\u306e\u51e6\u7406\u3092\u8ffd\u52a0\u3057\u3066\u3044\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"xml\">&lt;subsystem xmlns=\"urn:jboss:domain:keycloak-server:1.1\"&gt;\r\n    \u203b\u591a\u304f\u306e\u51e6\u7406\r\n&lt;\/subsystem&gt;<\/pre>\n<p>\u8ffd\u52a0\u3059\u308b\u4f4d\u7f6e\u306b\u3064\u3044\u3066\u3067\u3059\u304c\u3001\u4ed6\u306eSPI\u306e\u8a2d\u5b9a <em>&lt;spi name=\"hostname\"&gt;<\/em> \u306e\u8981\u7d20\u306e\u5f8c\u308d\u306b\u4e0b\u8a18\u306e\u3088\u3046\u306b\u8ffd\u52a0\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002\u4eca\u56de\u8ffd\u52a0\u3057\u305f\u8a2d\u5b9a\u306f <em>&lt;spi name=\"ciba-auth-channel\"&gt;<\/em>\u306e\u8981\u7d20\u306e\u51e6\u7406\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"xml\">&lt;spi name=\"hostname\"&gt;\r\n    &lt;default-provider&gt;${keycloak.hostname.provider:default}&lt;\/default-provider&gt;\r\n    &lt;provider name=\"default\" enabled=\"true\"&gt;\r\n        &lt;properties&gt;\r\n            &lt;property name=\"frontendUrl\" value=\"${keycloak.frontendUrl:}\"\/&gt;\r\n            &lt;property name=\"forceBackendUrlToFrontendUrl\" value=\"false\"\/&gt;\r\n        &lt;\/properties&gt;\r\n    &lt;\/provider&gt;\r\n    &lt;provider name=\"fixed\" enabled=\"true\"&gt;\r\n        &lt;properties&gt;\r\n            &lt;property name=\"hostname\" value=\"${keycloak.hostname.fixed.hostname:localhost}\"\/&gt;\r\n            &lt;property name=\"httpPort\" value=\"${keycloak.hostname.fixed.httpPort:-1}\"\/&gt;\r\n            &lt;property name=\"httpsPort\" value=\"${keycloak.hostname.fixed.httpsPort:-1}\"\/&gt;\r\n            &lt;property name=\"alwaysHttps\" value=\"${keycloak.hostname.fixed.alwaysHttps:false}\"\/&gt;\r\n        &lt;\/properties&gt;\r\n    &lt;\/provider&gt;\r\n&lt;\/spi&gt;\r\n&lt;spi name=\"ciba-auth-channel\"&gt;\r\n    &lt;default-provider&gt;ciba-http-auth-channel&lt;\/default-provider&gt;\r\n    &lt;provider name=\"ciba-http-auth-channel\" enabled=\"true\"&gt;\r\n        &lt;properties&gt;\r\n            &lt;property name=\"httpAuthenticationChannelUri\" value=\"http:\/\/authn-server:3000\/api\/v1\/auth\"\/&gt;\r\n        &lt;\/properties&gt;\r\n    &lt;\/provider&gt;\r\n&lt;\/spi&gt;<\/pre>\n<p>\u3067\u3059\u304c\u3001\u3053\u306e <em>http:\/\/authn-server:3000\/api\/v1\/auth<\/em> \u306f\u3042\u304f\u307e\u3067\u4eca\u56de\u306edocker-compose\u306e\u8a2d\u5b9a\u306e\u5834\u5408\u3067\u306e\u4e00\u4f8b\u3067\u3059\u3002\u5404\u81ea\u306e\u74b0\u5883\u306b\u5408\u308f\u305b\u305f FQDN \u3084 IP\u3001 Port\u3001\u30d1\u30b9\u3092\u8a2d\u5b9a\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<\/div>\n<div>\n<h2>6. CIBA\u3092\u691c\u8a3c\u3059\u308b\u305f\u3081\u306e\u691c\u8a3c\u7528\u30c7\u30fc\u30bf\u306e\u4f5c\u6210\u30fb\u78ba\u8a8d<\/h2>\n<hr \/>\n<p>CIBA\u3092\u8a66\u3059\u305f\u3081\u306b\u306f\u691c\u8a3c\u7528\u306e\u9069\u5f53\u306a\u30c7\u30fc\u30bf\u304c\u5fc5\u8981\u3067\u3059\u3002Keycloak\u306e\u7ba1\u7406\u753b\u9762\u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u6e96\u5099\u3057\u3066\u3044\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n<p>\u6e96\u5099\u304c\u5fc5\u8981\u306a\u9805\u76ee\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li>\u30ec\u30eb\u30e0\u306e\u4f5c\u6210<\/li>\n<li>\u30e6\u30fc\u30b6\u30fc\u306e\u4f5c\u6210<\/li>\n<li>\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u4f5c\u6210<\/li>\n<li>\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30c8\u30fc\u30af\u30f3\u306e\u78ba\u8a8d<\/li>\n<li>\n<div>\n<div>CIBA\u306e\u8a2d\u5b9a\u306e\u78ba\u8a8d\u30fb\u5909\u66f4\u00a0 (\u203b \u3053\u306e\u5909\u66f4\u306f\u3088\u308a\u691c\u8a3c\u304c\u3057\u3084\u3059\u304f\u3059\u308b\u305f\u3081\u306e\u5909\u66f4\u3067\u3059)<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<h3>\u30ec\u30eb\u30e0\u306e\u4f5c\u6210<\/h3>\n<\/div>\n<p>\u307e\u305a\u306f\u4efb\u610f\u306e\u30ec\u30eb\u30e0\u3092\u4f5c\u6210\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f\u30ec\u30eb\u30e0\u306e\u540d\u524d\u306f <em>SampleRealm <\/em>\u3067\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<p>\u4eca\u5f8c\u306e\u6587\u7ae0\u3067\u306f\u30ec\u30eb\u30e0\u540d\u306e\u90e8\u5206\u3092 <em>SampleRealm<\/em> \u3068\u3057\u3066\u8aac\u660e\u3057\u3066\u3044\u304f\u306e\u3067\u3001\u4eca\u5f8c\u306e\u8cc7\u6599\u3067\u306f\u9069\u5b9c\u81ea\u5206\u306e\u74b0\u5883\u306b\u5408\u308f\u305b\u3066\u8aad\u307f\u66ff\u3048\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<h3>\u30e6\u30fc\u30b6\u30fc\u306e\u4f5c\u6210<\/h3>\n<p>\u6b21\u306b\u30e6\u30fc\u30b6\u30fc\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f\u4e0b\u8a18\u306e\u5024\u3067\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<table style=\"border-collapse: collapse;width: 100%;height: 120px\">\n<tbody>\n<tr style=\"height: 24px\">\n<td style=\"width: 50%;height: 24px\">\u30d5\u30a3\u30fc\u30eb\u30c9\u540d<\/td>\n<td style=\"width: 50%;height: 24px\">\u5024<\/td>\n<\/tr>\n<tr style=\"height: 24px\">\n<td style=\"width: 50%;height: 24px\">Username<\/td>\n<td style=\"width: 50%;height: 24px\">cl-taro<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u4eca\u5f8c\u306e\u6587\u7ae0\u3067\u306f\u30e6\u30fc\u30b6\u30fc\u306e\u5024\u3092\u4e0a\u8a18\u306e\u5024\u3068\u3057\u3066\u8aac\u660e\u3057\u3066\u3044\u304f\u306e\u3067\u3001\u4eca\u5f8c\u306e\u8cc7\u6599\u3067\u306f\u9069\u5b9c\u81ea\u5206\u306e\u74b0\u5883\u306b\u5408\u308f\u305b\u3066\u8aad\u307f\u66ff\u3048\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>Username\u306f\u4efb\u610f\u306e\u5024\u3067\u554f\u984c\u3042\u308a\u307e\u305b\u3093\u304c\u3001\u5f8c\u3005\u306e\u624b\u9806\u3067\u4f7f\u7528\u3059\u308b\u6a5f\u4f1a\u304c\u3042\u308b\u305f\u3081\u3001\u691c\u8a3c\u6642\u306f\u308f\u304b\u308a\u3084\u3059\u3044\u540d\u524d\u306e\u307b\u3046\u304c\u3088\u3044\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u3002<\/p>\n<h3>\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u4f5c\u6210<\/h3>\n<p>\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f\u4e0b\u8a18\u306e\u5024\u3067\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<table style=\"border-collapse: collapse;width: 100%\">\n<tbody>\n<tr>\n<td style=\"width: 50%\">\u30d5\u30a3\u30fc\u30eb\u30c9\u540d<\/td>\n<td style=\"width: 50%\">\u5024<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 50%\">\n<div>\n<div>Client ID<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50%\">\n<div>\n<div>test-client<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 50%\">\n<div>\n<div>Client Protocol<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50%\">\n<div>\n<div>openid-connect \u203b\u3053\u308c\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u5024\u3067\u3059<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u5099\u8003: Root URL \u306f\u4eca\u56de\u306e\u30d5\u30ed\u30fc\u3067\u306f\u767b\u9332\u4e0d\u8981\u3067\u3059\u3002<\/p>\n<p>\u4f5c\u6210\u5f8c\u306e Test-client \u306e <em>Setting<\/em> \u30bf\u30d6\u3067\u4e0b\u8a18\u306e\u5909\u66f4\u3092\u884c\u3063\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<ol>\n<li><em>Access Type<\/em> \u306e\u30bb\u30ec\u30af\u30c8\u30dc\u30c3\u30af\u30b9\u306e\u5024\u3092 <em>public<\/em> \u304b\u3089 <em>confidential<\/em> \u306b\u5909\u66f4<\/li>\n<li><em>Standard Flow Enabled<\/em> \u3092 <em>ON<\/em> \u304b\u3089 <em>OFF<\/em> \u306b\u5909\u66f4<br \/>\n\u88dc\u8db3: CIBA\u306e\u30d5\u30ed\u30fc\u3067\u306f\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u7528\u306eURI\u306e\u767b\u9332\u306f\u4e0d\u8981\u3067\u3059\u3002\u3067\u3059\u304c\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u3060\u3068\u4ed6\u306e\u30d5\u30ed\u30fc\u306e\u30b5\u30dd\u30fc\u30c8\u306e\u305f\u3081\u306b\u3001\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u7528\u306eURI\u767b\u9332\u304c\u5fc5\u8981\u306b\u306a\u308a\u307e\u3059\u3002\u305d\u306e\u305f\u3081 Standard Flow Enabled \u3092\u610f\u56f3\u7684\u306b\u7121\u52b9\u306b\u3057\u307e\u3059\u3002\u4f8b\u3048\u3070\u3001\u4eee\u306b ON \u306e\u307e\u307e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u4fdd\u5b58\u3057\u3088\u3046\u3068\u3059\u308b\u3068\u6b21\u306e\u30a8\u30e9\u30fc\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002<\/p>\n<blockquote><p>Error! You must specify at least one redirect uri<\/p><\/blockquote>\n<\/li>\n<li>OIDC CIBA Grant Enabled\u306e\u30c1\u30a7\u30c3\u30af\u3092 OFF \u304b\u3089 ON \u306b\u5909\u66f4<\/li>\n<\/ol>\n<p>\u4e0a\u8a18\u306e\u8a2d\u5b9a\u304c\u7d42\u308f\u308a\u6b21\u7b2c <em>Save<\/em> \u304b\u3089\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u5bfe\u3059\u308b\u8a2d\u5b9a\u3092\u4fdd\u5b58\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<h3>\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30c8\u30fc\u30af\u30f3\u306e\u78ba\u8a8d<\/h3>\n<p>Test-client \u306e <em>Credentials<\/em> \u30bf\u30d6\u3067 <em>Secret<\/em> \u306e\u5024\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002\u4eca\u56de\u306e\u4f8b\u3067\u306f\u4eee\u306b <strong>2ae6d81d-bc78-434e-a7b8-985921e0d47b<\/strong> \u3068\u3057\u307e\u3059\u3002\u3053\u306e\u5024\u306f\u5404\u74b0\u5883\u3067\u5909\u308f\u308a\u307e\u3059\u3002\u4eca\u5f8c\u306e\u8cc7\u6599\u3067\u306f\u9069\u5b9c\u81ea\u5206\u306e\u74b0\u5883\u306b\u5408\u308f\u305b\u3066\u8aad\u307f\u66ff\u3048\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p><em>Client Authenticator<\/em> \u306f\u521d\u671f\u5024\u306e\u307e\u307e\u3067\u554f\u984c\u3042\u308a\u307e\u305b\u3093\u3002\u5ff5\u306e\u70ba <em>Client and Secret<\/em> \u3067\u3042\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u304a\u3044\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<h3>CIBA\u306e\u8a2d\u5b9a\u306e\u78ba\u8a8d\u30fb\u5909\u66f4<\/h3>\n<p>\u30ec\u30eb\u30e0\u306eAuthentication\u306eConfigure\u306e\u753b\u9762\u306bCIBA Policy \u3068\u3044\u3046\u30bf\u30d6\u304c\u3042\u308b\u3068\u601d\u3046\u306e\u3067\u958b\u3044\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>\u30b5\u30f3\u30d7\u30eb\u306e\u3088\u3046\u306adocker\u306e\u8a2d\u5b9a\u3068\u3001\u30ec\u30eb\u30e0\u540d\u306b\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306aURL\u3067\u958b\u304f\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002 <a href=\"http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/SampleRealm\/authentication\/flows\">http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/SampleRealm\/authentication\/flows<\/a><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-43479\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/07\/ciba-setting-1024x581.png\" alt=\"keycloak-ciba-setting\" width=\"1024\" height=\"581\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/07\/ciba-setting-1024x581.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/07\/ciba-setting-360x204.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/07\/ciba-setting-768x436.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/07\/ciba-setting.png 1176w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p>\u5404\u9805\u76ee\u3092\u7c21\u5358\u306b\u8aac\u660e\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<table style=\"border-collapse: collapse;width: 100%;height: 528px\">\n<tbody>\n<tr style=\"height: 24px\">\n<td style=\"width: 50%;height: 24px\">\u540d\u524d<\/td>\n<td style=\"width: 50%;height: 24px\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 120px\">\n<td style=\"width: 50%;height: 120px\">\n<div>\n<div>Backchannel Token Delivery Mode<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50%;height: 120px\">\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3084\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u30ea\u30d5\u30ec\u30c3\u30b7\u30e5\u30c8\u30fc\u30af\u30f3\u306a\u3069\u3092\u53d6\u5f97\u3059\u308b\u65b9\u6cd5\u3067\u3002CIBA\u3067\u306f \"poll\", \"ping\", \"push\" \u306e\uff13\u3064\u304c\u3042\u308a\u307e\u3059\u3002<span style=\"text-decoration: underline\"><strong>Keycloak\u306f\u73fe\u6642\u70b9\u3067\u306f\"poll\" \u306e\u307f\u30b5\u30dd\u30fc\u30c8\u3057\u3066\u3044\u307e\u3059\u3002<\/strong><\/span><\/td>\n<\/tr>\n<tr style=\"height: 96px\">\n<td style=\"width: 50%;height: 96px\">\n<div>\n<div>Expires In<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50%;height: 96px\">auth_req_id \u306e\u6709\u52b9\u671f\u9650\u3092\u79d2\u5358\u4f4d\u3067\u793a\u3059\u3001\u6b63\u306e\u6574\u6570\u5024\u3067\u3059\u3002<strong>Keycloak\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u5024\u306f \"120\" \u3067\u3059\u3002<\/strong> \u3053\u306e\u5024\u306fCIBA\u306e\u4ed5\u69d8\u4e0a\u5fc5\u9808\u3067\u3059\u3002<\/td>\n<\/tr>\n<tr style=\"height: 168px\">\n<td style=\"width: 50%;height: 168px\">\n<div>\n<div>Interval<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50%;height: 168px\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u30c8\u30fc\u30af\u30f3\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3078\u306e\u30dd\u30fc\u30ea\u30f3\u30b0\u8981\u6c42\u3092\u518d\u5ea6\u884c\u3046\u307e\u3067\u306b\u5f85\u6a5f\u3057\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\u6700\u5c0f\u6642\u9593\u3092\u3001\u79d2\u5358\u4f4d\u3067\u793a\u3059\u6b63\u306e\u6574\u6570\u5024\u3067\u3059\u3002\u6307\u5b9a\u304c\u306a\u3044\u5834\u5408\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u5024\u306fCIBA\u306e\u4ed5\u69d8\u4e0a\u306f5\u79d2\u3067\u3059\u3002<strong>Keycloak\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u3082 \"5\" \u3067\u3059\u3002<\/strong>\u3053\u306e\u5024\u306fCIBA\u306e\u4ed5\u69d8\u4e0a\u30aa\u30d7\u30b7\u30e7\u30ca\u30eb\u3067\u3059\u3002<\/td>\n<\/tr>\n<tr style=\"height: 120px\">\n<td style=\"width: 50%;height: 120px\">\n<div>\n<div>Authentication Requested User Hint<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50%;height: 120px\">\u8a8d\u8a3c\u304c\u8981\u6c42\u3055\u308c\u3066\u3044\u308b\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u30fc\u3092\u8b58\u5225\u3059\u308b\u65b9\u6cd5\u3067\u3059\u3002CIBA\u3067\u306f \"login_hint\", \"login_hint_token\", \"id_token_hint\" \u306e\uff13\u3064\u304c\u3042\u308a\u307e\u3059\u3002 <span style=\"text-decoration: underline\"><strong>Keycloak\u306f\u73fe\u6642\u70b9\u3067\u306f<\/strong><\/span><span style=\"text-decoration: underline\"><strong>\u00a0\"login_hint\" \u306e\u307f\u30b5\u30dd\u30fc\u30c8\u3057\u3066\u3044\u307e\u3059\u3002<\/strong><\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u4eca\u56de\u306e\u691c\u8a3c\u3067\u306f\u5404\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u7740\u76ee\u3057\u3066\u5c11\u3057\u305a\u3064\u78ba\u8a8d\u3057\u3066\u3044\u304f\u305f\u3081\u3001\u691c\u8a3c\u9014\u4e2d\u3067 <em>auth_req_id<\/em> \u306e\u6709\u52b9\u671f\u9650\u5207\u308c\u3092\u8fce\u3048\u306a\u3044\u3088\u3046\u306b<span style=\"text-decoration: underline\">Expires In\u306e\u8a2d\u5b9a\u3092 \"600\" \u306b\u5909\u66f4\u3057\u3066\u304a\u304d\u3057\u3087\u3046\u3002<\/span><\/p>\n<p>\u3088\u308a\u8a73\u3057\u3044\u8a73\u7d30\u306f\u3053\u3061\u3089\u3092\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/www.keycloak.org\/docs\/latest\/server_admin\/#ciba-policy\">Keycloak: CIBA Policy<\/a><\/li>\n<\/ul>\n<h2>7. \u30ea\u30af\u30a8\u30b9\u30c8\u30d9\u30fc\u30b9\u3067\u306e\u89e3\u8aac<\/h2>\n<hr \/>\n<p>\u3067\u306f\u3082\u30461\u5ea6\u3001\u7c21\u6613\u30b7\u30fc\u30b1\u30f3\u30b9\u56f3\u3092\u898b\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<h2><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46464 size-full\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/CIBA-sequence.jpg\" alt=\"\" width=\"640\" height=\"556\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/CIBA-sequence.jpg 640w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/CIBA-sequence-360x313.jpg 360w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/h2>\n<p>\u30ea\u30af\u30a8\u30b9\u30c8\u3068\u30ec\u30b9\u30dd\u30f3\u30b9\u306b\u9069\u5f53\u306a\u756a\u53f7(\u2460~\u2469)\u3092\u3064\u3051\u3066\u9806\u306b\u89e3\u8aac\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<p>\u5927\u307e\u304b\u306a\u304b\u305f\u307e\u308a\u3068\u3057\u3066\u306f\u3001<\/p>\n<p>\u2460 Authentication Request<br \/>\n\u2461 Successful Authentication Request Acknowledgement<br \/>\n\u2462 Authentication Delegation Request<br \/>\n\u2463 Response (Authentication Delegation Request\u306e\u30ec\u30b9\u30dd\u30f3\u30b9)<\/p>\n<p>\u2460~\u2463\u306f\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304cKeycloak\u306b\u8a8d\u8a3c\u3092\u8981\u6c42\u3059\u308b\u90e8\u5206\u3067\u3059\u3002\u5185\u90e8\u3067Keycloak\u306fAutentication entity\u306b\u8a8d\u8a3c\u3092\u59d4\u4efb\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8(\u2461\u301c\u2462)\u3092\u9001\u4fe1\u3057\u307e\u3059\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\u2464 Token Request<br \/>\n\u2465 Token Error Response<\/p>\n<p>\u2464~\u2465\u306f\u3001\u8a8d\u8a3c\u3092\u7d42\u3048\u3066\u3044\u306a\u3044\u72b6\u614b\u3067\u30c8\u30fc\u30af\u30f3\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u884c\u3044<br \/>\n\u30c8\u30fc\u30af\u30f3\u30a8\u30e9\u30fc\u30ec\u30b9\u30dd\u30f3\u30b9\u3092\u53d7\u3051\u53d6\u308b\u90e8\u5206\u3067\u3059\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\u2466 Authentication Result Notification<br \/>\n\u2467 Response (Authentication Result Notification\u306e\u30ec\u30b9\u30dd\u30f3\u30b9)<\/p>\n<p>\u2466~\u2467\u306f\u8a8d\u8a3c\u306e\u7d50\u679c\u3092Autentication entity\u304b\u3089Keycloak\u306b\u901a\u77e5\u3092\u884c\u3046\u90e8\u5206\u3067\u3059\u3002\u4eca\u56de\u306e\u30b1\u30fc\u30b9\u3067\u306f\u2466\u3067\u6b63\u5e38\u306b\u5b8c\u4e86\u3057\u305f\u3082\u306e\u3068\u3057\u3066\u901a\u77e5\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\u2468 Token Request<br \/>\n\u2469 Successful Token Response<\/p>\n<p>\u2468~\u2469\u306f\u8a8d\u8a3c\u304c\u6b63\u5e38\u306b\u5b8c\u4e86\u3057\u3066\u3044\u308b\u72b6\u614b\u3067\u30c8\u30fc\u30af\u30f3\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u884c\u3046\u90e8\u5206\u3067\u3059\u3002\u2469\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u3092\u2465\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u3068\u6bd4\u8f03\u3057\u3066\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>\u3067\u306f\u2460\u756a\u304b\u3089\u9806\u306b\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u898b\u3066\u3044\u304f\u3053\u3068\u306b\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n<h3>\u2460 Authentication Request<\/h3>\n<p>CIBA\u306e\u30d5\u30ed\u30fc\u306f\u307e\u305a\u8a8d\u8a3c\u3092\u8981\u6c42\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8\u304b\u3089\u59cb\u307e\u308a\u307e\u3059\u3002<\/p>\n<p>\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306f\u3001HTTP POST \u30e1\u30bd\u30c3\u30c9\u3092\u4f7f\u7528\u3057\u3001\u30d1\u30e9\u30e1\u30fc\u30bf\u3092 <em>application\/x-www-form-urlencoded<\/em> \u5f62\u5f0f\u3067HTTP\u30ea\u30af\u30a8\u30b9\u30c8\u306eBody\u306b\u542b\u3081\u9001\u4fe1\u3057\u307e\u3059\u3002<\/p>\n<p>\u307e\u305f\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u8a8d\u8a3c\u65b9\u5f0f\u306b\u95a2\u3057\u3066\u306f <a href=\"https:\/\/openid.net\/specs\/openid-connect-core-1_0.html#ClientAuthentication\">OpenID Connect Core 1.0<\/a> \u3067\u3001<strong>client_secret_basic<\/strong> \u3068\u3057\u3066\u8aac\u660e\u3055\u308c\u3066\u3044\u308b\u3088\u3046\u306a\u3001Basic\u8a8d\u8a3c\u306e\u5f62\u5f0f\u3092\u7528\u3044\u3066\u884c\u3063\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<p>\u3053\u306e\u5f62\u5f0f\u306f \u30af\u30e9\u30a4\u30a2\u30f3\u30c8ID\u3068\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u3092\u30b3\u30ed\u30f3(:)\u3067\u306f\u3055\u3093\u3067\u7d50\u5408\u3057base64\u5316\u3057\u305f\u3082\u306e\u3092 <em>Authorization<\/em> \u30d8\u30c3\u30c0\u30fc\u306b\u8f09\u305b\u307e\u3059\u3002\u79c1\u306e\u8a2d\u5b9a\u306e\u5834\u5408\u306f\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8ID\u304c <em>test-client<\/em> \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u304c <em>2ae6d81d-bc78-434e-a7b8-985921e0d47b<\/em> \u306a\u306e\u3067\u3001Mac\u3067\u306e\u30b3\u30de\u30f3\u30c9\u306e\u4e00\u4f8b\u3060\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">$ echo -n 'test-client:2ae6d81d-bc78-434e-a7b8-985921e0d47b' | openssl base64\r\n\r\ndGVzdC1jbGllbnQ6MmFlNmQ4MWQtYmM3OC00MzRlLWE3YjgtOTg1OTIxZTBkNDdi<\/pre>\n<p>&nbsp;<\/p>\n<p>\u4eca\u56de\u4f7f\u3046\u30d8\u30c3\u30c0\u30fc\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<table style=\"border-collapse: collapse;width: 100%\">\n<tbody>\n<tr>\n<td style=\"width: 33.3333%\">\u30d8\u30c3\u30c0\u30fc\u540d<\/td>\n<td style=\"width: 33.3333%\">\u5024<\/td>\n<td style=\"width: 33.3333%\">\u8aac\u660e<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 33.3333%\">\n<div>\n<div>Content-Type<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%\">\n<div>\n<div>application\/x-www-form-urlencoded<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%\"><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 33.3333%\">\n<div>\n<div>Authorization<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%\">\n<div>\n<div>Basic bXljbGllbnQ6NDQ4N2JkYzgtZTQ1ZS00OGMyLTg2MzUtY2IyM2NiNWUyZjYz<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%\">\n<div>\n<div>client_secret_basic \u5f62\u5f0f\u6642\u306e\u6e21\u3057\u65b9\u3067\u3059\u3002<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p>Body\u306b\u542b\u307e\u305b\u308b\u5024\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<table style=\"border-collapse: collapse;width: 100%;height: 120px\">\n<tbody>\n<tr style=\"height: 24px\">\n<td style=\"width: 33.3333%;height: 24px\">\u540d\u524d<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\u5024<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 48px\">\n<td style=\"width: 33.3333%;height: 48px\">\n<div>\n<div>scope<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 48px\">\n<div>\n<div>openid<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 48px\">\n<div>\n<div>\u30a2\u30af\u30bb\u30b9\u3092\u8981\u6c42\u3057\u3066\u3044\u308b\u7bc4\u56f2\u3067\u3059\u3002\u3053\u306e\u5024\u306f\u5fc5\u9808\u3067\u3059\u3002<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 24px\">\n<td style=\"width: 33.3333%;height: 24px\">\n<div>\n<div>login_hint<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\n<div>\n<div>cl-taro<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\n<div>\n<div>\u8a8d\u8a3c\u304c\u8981\u6c42\u3055\u308c\u3066\u3044\u308b\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u30fc\u3092\u7279\u5b9a\u3059\u308b\u305f\u3081\u306e\u3001OpenID\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u3078\u306e\u30d2\u30f3\u30c8\u306b\u306a\u308b\u60c5\u5831\u3067\u3059\u3002<\/div>\n<div><\/div>\n<div><span style=\"text-decoration: underline\"><strong>Keycloak\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u3001\u3053\u308c\u306f\u30e6\u30fc\u30b6\u30fc\u306e\u30e6\u30fc\u30b6\u30fc\u540d\u306b\u306a\u308a\u307e\u3059\u3002<\/strong><\/span><\/div>\n<div><\/div>\n<div>CIBA\u306e\u4ed5\u69d8\u3068\u3057\u3066\u306f <em>login_hint_token<\/em>, <em>id_token_hint<\/em>, <em>login_hint<\/em> \u306e\u3046\u30611\u3064\u306f\u5fc5\u9808\u306b\u306a\u308a\u307e\u3059\u3002<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 24px\">\n<td style=\"width: 33.3333%;height: 24px\">\n<div>\n<div>binding_message<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\n<div>\n<div>test message 0001<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\n<div>\n<div>CD(consumption device) \u3068 AD(authentication device) \u306e\u4e21\u65b9\u306b\u8868\u793a\u3055\u308c\u308b\u3053\u3068\u3092\u610f\u56f3\u3057\u305f\u4eba\u9593\u304c\u8aad\u3081\u308b\u8b58\u5225\u5b50\u307e\u305f\u306f\u30e1\u30c3\u30bb\u30fc\u30b8\u306a\u3069\u3067\u3059\u3002<\/div>\n<div><\/div>\n<div>\u3053\u306e\u5024\u306b\u3088\u308a\u3001\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u30fc\u306f\u3001AD(authentication device)\u3067\u884c\u308f\u308c\u305f\u30a2\u30af\u30b7\u30e7\u30f3\u304cCD(consumption device)\u3067\u958b\u59cb\u3055\u308c\u305f\u8981\u6c42\u306b\u95a2\u9023\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u305f\u3081\u3001CIBA\u306e\u4ed5\u69d8\u3068\u3057\u3066\u306f\u3053\u306e\u5024\u306f\u30aa\u30d7\u30b7\u30e7\u30ca\u30eb\u3067\u3059\u304c\u3001\u591a\u304f\u306e\u5834\u5408\u5fc5\u8981\u3060\u3068\u500b\u4eba\u7684\u306b\u306f\u8003\u3048\u3066\u304a\u308a\u307e\u3059\u3002<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u307e\u305f\u30ea\u30af\u30a8\u30b9\u30c8URL\u306b\u306f <strong>\u30ec\u30eb\u30e0\u540d<\/strong> \u3092\u542b\u3093\u3067\u304a\u308a\u307e\u3059\u3002\u5404\u81ea\u4f5c\u6210\u3057\u305f\u30ec\u30eb\u30e0\u540d\u3067\u8aad\u307f\u66ff\u3048\u3066\u304f\u3060\u3055\u3044\u3002<em>http:\/\/localhost:8088\/auth\/realms\/{\u30ec\u30eb\u30e0\u540d}\/protocol\/openid-connect\/ext\/ciba\/auth<\/em><\/p>\n<p>\u3088\u308a\u8a73\u3057\u3044\u8a73\u7d30\u306f\u3053\u3061\u3089\u3092\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/www.keycloak.org\/docs\/latest\/securing_apps\/index.html#_backchannel_authentication_endpoint\">Keycloak: Backchannel Authentication Endpoint<\/a><\/li>\n<li><a href=\"https:\/\/openid.net\/specs\/openid-client-initiated-backchannel-authentication-core-1_0.html#auth_request\">OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0 draft-04 7.1. Authentication Request\u00a0<\/a><\/li>\n<\/ul>\n<p>\u30b5\u30f3\u30d7\u30eb\u306e\u5834\u5408\u306f\u3053\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<em>http:\/\/localhost:8088\/auth\/realms\/SampleRealm\/protocol\/openid-connect\/ext\/ciba\/auth<\/em><\/p>\n<div>\n<div>\u30b5\u30f3\u30d7\u30eb\u306e CURL\u6587\u3068\u3057\u3066\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/div>\n<\/div>\n<div>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">curl -X POST \\\r\n   -H \"Content-Type:application\/x-www-form-urlencoded\" \\\r\n   -H \"Authorization:Basic dGVzdC1jbGllbnQ6MmFlNmQ4MWQtYmM3OC00MzRlLWE3YjgtOTg1OTIxZTBkNDdi\" \\\r\n   -d \"scope=openid\uff0520email\uff0520example-scope\" \\\r\n   -d \"login_hint=cl-taro\" \\\r\n   -d \"binding_message=test message 0001\" \\\r\n 'http:\/\/localhost:8088\/auth\/realms\/SampleRealm\/protocol\/openid-connect\/ext\/ciba\/auth'<\/pre>\n<h3>\u2461 Successful Authentication Request Acknowledgement<\/h3>\n<p>\u2460\u306e <em>Authentication Reques<\/em>t \u306e\u30ec\u30b9\u30dd\u30f3\u30b9(\u2461)\u306f <em>application\/json<\/em> \u5f62\u5f0f\u3067\u9001\u3089\u308c\u3066\u304d\u307e\u3059\u3002\u30ec\u30b9\u30dd\u30f3\u30b9\u3092\u6574\u5f62\u3059\u308b\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<\/div>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"json\">{\r\n    \"auth_req_id\": \"eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..iazuIbFU1q16EjLHwBI-aQ.RAnmpznLSmM3UF75kK59-5cTVBlrSbXDXJQqZjQg9FScQSh_12UhxP5XExEDaDq_0m2viZ_mGFs7O0wq_LQ1sfxAd9uJd2UpD2p8XWlrPyl16FE6evHRjDGCGipvDkjTeBFlrTTapGcvPmxnSH_uu8XJeY_tGSWSSg-WxSAnDYB9FvjkfJDsfFQdU2_sOI2LBRnQlCuJBAdEkRhyQNQliSCE9cy9Zo9MWmCrVcDBft0_pYa3DIbfHxFs6ITqlb6_B9zEIVWZJsq2mcj9utTRxsR4B7fOJ4gP-e6MmmoIgNsTWG_HHkv-dwo9_rhCkSCIqpjvXrSkDccTz3BQvYD1xzxeuaod-2L31wp3donFonEnI5FPwb0BTwMPZ0rH_f6Dmee_RW9cBIGfBz3wGT7K9nHDU1OcyQdZtRqUuzR6GSnjFjNVRy_zry-0ujs3QgWS2rNHlQQqkQAXY6qpncVBSAkGGCf8dlgU3S31152MKtles3LVhKFUETybNhPsWFIqpkIPPZ0Y5qWksMGsEyNu49LIM1eqpoV2jTPAg9re7Cx9tdZr_XteuqREIZchJmYuEMmhk6H-_lTa9AfsL1db3pLpL-PwOZltmwcHOUwEcpIjqr91hZ-CdgzQvhNOJHfJyBRxpreHqDxIs7tBR8VGwFmtKiLKOu-mGuFnaICFwFHA1DgIFSpN9Tret4CoFqWjF50XTzjYkwKrqCQYIul7BWENDWcDwLA1JE5dU5LOZBn1HykSwerQceOlX9wcktgO9ajP9au9twggSlyy1rWSm0FgIBGULeUxgmD6hroyLIlZYsUYnOH2Ur2W9fIq0j7PAvznq5JC2OWWB4OtkeANeSxvEzle8M1Y-97n91M3tXogUdOQccy9ahUD15lzpSUoHFNpajr1IXVLTleqCpI-Gw.mfS4kUF5fPO4ZTCQNL3CvQ\",\r\n    \"expires_in\": 600,\r\n    \"interval\": 5\r\n}<\/pre>\n<p>\u3053\u306eJSON\u5f62\u5f0f\u306e\u30c7\u30fc\u30bf\u3092\u7c21\u5358\u306b\u8aac\u660e\u3057\u3066\u3044\u304f\u3068\u3001<\/p>\n<table style=\"border-collapse: collapse;width: 100%;height: 96px\">\n<tbody>\n<tr style=\"height: 24px\">\n<td style=\"width: 50%;height: 24px\">\u30ad\u30fc\u540d<\/td>\n<td style=\"width: 50%;height: 24px\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 24px\">\n<td style=\"width: 50%;height: 24px\">\n<div>\n<div>auth_req_id<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50%;height: 24px\">\n<div>\n<div>\u8a8d\u8a3c\u3092\u8981\u6c42\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u8b58\u5225\u3059\u308b\u305f\u3081\u306e\u4e00\u610f\u306e\u8b58\u5225\u5b50\u3067\u3059\u3002\u3053\u306e\u5024\u306fCIBA\u306e\u4ed5\u69d8\u4e0a\u5fc5\u9808\u3067\u8fd4\u3063\u3066\u304d\u307e\u3059\u3002<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 24px\">\n<td style=\"width: 50%;height: 24px\">\n<div>\n<div>expires_in<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50%;height: 24px\">\n<div>\n<div>auth_req_id \u306e\u6709\u52b9\u671f\u9650\u3092\u79d2\u5358\u4f4d\u3067\u793a\u3059\u3001\u6b63\u306e\u6574\u6570\u5024\u3067\u3059\u3002\u3053\u306e\u5024\u306fCIBA\u306e\u4ed5\u69d8\u4e0a\u5fc5\u9808\u3067\u8fd4\u3063\u3066\u304d\u307e\u3059\u3002<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 24px\">\n<td style=\"width: 50%;height: 24px\">\n<div>\n<div>interval<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50%;height: 24px\">\n<div>\n<div>\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u30c8\u30fc\u30af\u30f3\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3078\u306e\u30dd\u30fc\u30ea\u30f3\u30b0\u8981\u6c42\u3092\u518d\u5ea6\u884c\u3046\u307e\u3067\u306b\u5f85\u6a5f\u3057\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\u6700\u5c0f\u6642\u9593\u3092\u3001\u79d2\u5358\u4f4d\u3067\u793a\u3059\u6b63\u306e\u6574\u6570\u5024\u3067\u3059\u3002\u6307\u5b9a\u304c\u306a\u3044\u5834\u5408\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u5024\u306fCIBA\u306e\u4ed5\u69d8\u4e0a\u306f5\u79d2\u3067\u3059\u3002\u3053\u306e\u5024\u306fCIBA\u306e\u4ed5\u69d8\u4e0a\u30aa\u30d7\u30b7\u30e7\u30ca\u30eb\u3067\u3059\u3002<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"text-decoration: underline\"><strong>auth_req_id \u306f \u5f8c\u306e \u2464 Token Request \u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u4f7f\u3044\u307e\u3059\u306e\u3067\u3001\u4efb\u610f\u306e\u5a92\u4f53\u306b\u30e1\u30e2\u3057\u3066\u304a\u3044\u3066\u304f\u3060\u3055\u3044\u3002<\/strong><\/span><\/p>\n<p>&nbsp;<\/p>\n<p>\u3088\u308a\u8a73\u3057\u3044\u8a73\u7d30\u306f\u3053\u3061\u3089\u3092\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/openid.net\/specs\/openid-client-initiated-backchannel-authentication-core-1_0.html#successful_authentication_request_acknowdlegment\">OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0 draft-04 7.3. Successful Authentication Request Acknowledgement\u00a0<\/a><\/li>\n<\/ul>\n<h3>\u2462 Authentication Delegation Request<\/h3>\n<p>Keycloak\u306bCIBA\u306e\u4ed5\u69d8\u306b\u6cbf\u3063\u305f \u2460\u306e<em>Authentication Request<\/em> \u306e\u30ea\u30af\u30a8\u30b9\u30c8\u304c\u5c4a\u304f\u3068\u3001Keycloak\u306fAuthentication entity\u306b\u8a8d\u8a3c\u3092\u59d4\u4efb\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8(<em>Authentication Delegation Request<\/em>)\u3092HTTP POST \u30e1\u30bd\u30c3\u30c9\u3092\u4f7f\u7528\u3057\u3066\u9001\u308a\u307e\u3059\u3002<\/p>\n<p>\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u30d8\u30c3\u30c0\u30fc\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<table style=\"border-collapse: collapse;width: 100%\">\n<tbody>\n<tr>\n<td style=\"width: 33.3333%\">\u30d8\u30c3\u30c0\u30fc\u540d<\/td>\n<td style=\"width: 5.0232%\">\u5024<\/td>\n<td style=\"width: 61.6434%\">\u8aac\u660e<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 33.3333%\">\n<div>\n<div>Content-Type<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 5.0232%\">\n<div>\n<div>application\/x-www-form-urlencoded<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 61.6434%\"><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 33.3333%\">\n<div>\n<div>Authorization<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 5.0232%\">\n<div>\n<div>Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJVZW9OQjYxbGt3ZGhJX1ctOU02S2haUksxWFpKdHdjd0pMQ3dJVFA1dTd3In0.eyJleHAiOjE2MjY3MTQzNTAsImp0aSI6IjNiYzRmNTkwLTQ0MmMtNDQ0ZS04YWU0LWRhODcxYmM5MmFkOCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9hdXRoL3JlYWxtcy9TYW1wbGVSZWFsbSIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9hdXRoL3JlYWxtcy9TYW1wbGVSZWFsbSIsInN1YiI6ImM4Zjg4YzliLTA2YTUtNDgwNy1iZjJmLTYxMzVjNjBhMDY4NiIsInR5cCI6IkJlYXJlciIsImF6cCI6InRlc3QtY2xpZW50In0.ivP4wN8wzLuOpmj6GaUxulmLxvuiXKvAQAl2ifBklm6iVJtJNiCZ24pcTw0GrE7SjBrn6SblO2eAscb1gQyIQGWZohbav0KZbhL37ZDlqK9ZYRNE0nWHYspBsB0kVR-Svj58BrGOvCuotmNrz5nPOgYjvlUl5V_d7mSxyYGUZ-3IBFsOvqo_aqKD2336ygjx_TDFTZ1LLjFA7cUAE6iLnFYPmFexYJrls7jvUI4OiJyIYMq3okIYhteZjeZSQKmz3PeMkSUl3W6qe4QoI7245Y7a862QbQOG7wqzJouYLwJVrzqtjbluWZMToy3A-oOEJk5HtAC59YMgMRUOGU9unA<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 61.6434%\">\n<div>\n<div>\n<div>\n<div>\u3053\u306e\u5024\u306f\u90fd\u5ea6\u9055\u3046\u8b58\u5225\u5b50\u3067 Authentication entity \u304c\u8a8d\u8a3c\u306e\u7d50\u679c\u3092Keycloak\u306b\u901a\u77e5\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u884c\u3046\u3068\u304d\u306b\u4f7f\u7528\u3057\u307e\u3059\u3002<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div>\n<p>Body\u306b\u542b\u307e\u305b\u308b\u5024\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<table style=\"border-collapse: collapse;width: 100%;height: 216px\">\n<tbody>\n<tr style=\"height: 24px\">\n<td style=\"width: 33.3333%;height: 24px\">\u540d\u524d<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\u5024<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 48px\">\n<td style=\"width: 33.3333%;height: 48px\">\n<div>\n<div>scope<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 48px\">\n<div>\n<div>openid profile roles email<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 48px\">\n<div>Authentication entity\u304c\u8a8d\u8a3c\u5f8c\u306b\u30e6\u30fc\u30b6\u30fc\u306b\u540c\u610f\u3092\u6c42\u3081\u308b\u7bc4\u56f2\u3067\u3059\u3002\u3053\u306e\u5024\u306f\u5fc5\u9808\u3067\u3059\u3002<\/div>\n<div><\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 24px\">\n<td style=\"width: 33.3333%;height: 24px\">\n<div>\n<div>login_hint<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\n<div>\n<div>cl-taro<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\n<div>\n<div>\u8a8d\u8a3c\u304c\u8981\u6c42\u3055\u308c\u3066\u3044\u308b\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u30fc\u3092\u7279\u5b9a\u3059\u308b\u305f\u3081\u306e\u3001Authentication entity\u3078\u306e\u30d2\u30f3\u30c8\u306b\u306a\u308b\u60c5\u5831\u3067\u3059\u3002<\/div>\n<div><\/div>\n<div>Keycloak\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u3001\u3053\u308c\u306f\u30e6\u30fc\u30b6\u30fc\u306e <em>\u30e6\u30fc\u30b6\u30fc\u540d<\/em> \u306b\u306a\u308a\u307e\u3059\u3002<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 96px\">\n<td style=\"width: 33.3333%;height: 96px\">\n<div>\n<div>\n<div>\n<div>is_consent_required<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 96px\">\n<div>\n<div>\n<div>\n<div>false<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 96px\">\n<div>\n<div>\n<div>\n<div>Authentication entity\u304c\u3001scope\u306b\u3064\u3044\u3066\u8a8d\u8a3c\u3055\u308c\u305f\u30e6\u30fc\u30b6\u30fc\u304b\u3089\u540c\u610f\u3092\u5f97\u308b\u5fc5\u8981\u304c\u3042\u308b\u304b\u3069\u3046\u304b\u3092\u793a\u3059\u5024\u3067\u3059\u3002<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 24px\">\n<td style=\"width: 33.3333%;height: 24px\">\n<div>\n<div>\n<div>\n<div>binding_message<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\n<div>\n<div>\n<div>\n<div>test message 0001<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\n<div>\n<div>\n<div>\n<div>\u2460\u306eAuthentication Request\u306b\u542b\u3081\u305f\u5024\u3068\u540c\u3058\u3067\u3001CD(consumption device) \u3068 AD(authentication device) \u306e\u4e21\u65b9\u306b\u8868\u793a\u3055\u308c\u308b\u3053\u3068\u3092\u610f\u56f3\u3057\u305f\u4eba\u9593\u304c\u8aad\u3081\u308b\u8b58\u5225\u5b50\u307e\u305f\u306f\u30e1\u30c3\u30bb\u30fc\u30b8\u306a\u3069\u3067\u3059\u3002<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306f\u3001Authentication Channel Provider\u306e\u8a2d\u5b9a\u3067\u767b\u9332\u3057\u305fURL\u306b\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1\u3057\u307e\u3059\u3002\u4f8b\u3048\u3070\u3001\u4eca\u56de\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306b\u8a2d\u5b9a\u3092\u8a18\u8f09\u3057\u305f\u306e\u3067\u3001 http:\/\/authn-server:3000\/api\/v1\/auth\u00a0\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"xml\">&lt;spi name=\"ciba-auth-channel\"&gt;\r\n    &lt;default-provider&gt;ciba-http-auth-channel&lt;\/default-provider&gt;\r\n    &lt;provider name=\"ciba-http-auth-channel\" enabled=\"true\"&gt;\r\n        &lt;properties&gt;\r\n            &lt;property name=\"httpAuthenticationChannelUri\" value=\"http:\/\/authn-server:3000\/api\/v1\/auth\"\/&gt;\r\n        &lt;\/properties&gt;\r\n    &lt;\/provider&gt;\r\n&lt;\/spi&gt;<\/pre>\n<p>&nbsp;<\/p>\n<\/div>\n<h3>\u2463 Response (\u2462 Authentication Delegation Request \u306e\u30ec\u30b9\u30dd\u30f3\u30b9)<\/h3>\n<p>\u2462 <em>Authentication Delegation Request<\/em> \u306e\u30ec\u30b9\u30dd\u30f3\u30b9(\u2463)\u3068\u3057\u3066\u5fc5\u8981\u306a\u7528\u4ef6\u306f\u3001 HTTP status code \u3068\u3057\u3066 <em>201<\/em> \u3092\u8fd4\u5374\u3059\u308b\u3053\u3068\u3060\u3051\u3067\u3059\u3002<\/p>\n<p>\u305f\u3060\u3057\u3001Authentication entity\u306e\u5b9f\u88c5\u3068\u3057\u3066\u306f<em> \u2462 Authentication Delegation Request<\/em> \u3067\u53d7\u3051\u53d6\u3063\u305f <em>Authorization<\/em> \u30d8\u30c3\u30c0\u30fc\u306e\u5024\u3092\u3001\u5f8c\u306e <strong>\u2466 Authentication Result Notification \u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u4f7f\u3044\u307e\u3059\u306e\u3067\u3001\u4efb\u610f\u306e\u5a92\u4f53\u306b\u8a18\u9332\u3057\u3066\u304a\u3044\u3066\u304f\u3060\u3055\u3044\u3002<\/strong><\/p>\n<h3>\u2464 Token Request<\/h3>\n<p>\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306f\u30c8\u30fc\u30af\u30f3\u3092\u8981\u6c42\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8\u3067\u3059\u3002<br \/>\nCIBA\u306e\u4ed5\u69d8\u3067\u306f\u3001\u30c8\u30fc\u30af\u30f3\u3092\u3084\u308a\u3068\u308a\u3059\u308b\u65b9\u6cd5\u3068\u3057\u3066\u4e0b\u8a18\u306e3\u30d1\u30bf\u30fc\u30f3\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li>Poll Mode<\/li>\n<li>Ping Mode<\/li>\n<li>Push Mode<\/li>\n<\/ul>\n<p>\u305f\u3060\u3057\u3001Keycloak \u306f <em>poll<\/em> \u306e\u307f\u306b\u5bfe\u5fdc\u3057\u3066\u304a\u308a\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u3082 <em>poll<\/em> \u3067\u3059\u3002\u307e\u305f\u3001\u3053\u306e\u30dd\u30fc\u30ea\u30f3\u30b0\u306e\u51e6\u7406\u306f \u2460 Authentication Request \u306e \u30ec\u30b9\u30dd\u30f3\u30b9(\u2461) \u306b\u3042\u308b\u3001 <em>interval<\/em> \u306e\u30bf\u30a4\u30df\u30f3\u30b0\u3088\u308a\u77ed\u3044\u9593\u9694\u3067\u30dd\u30fc\u30ea\u30f3\u30b0\u3092\u884c\u3046\u3068\u30a8\u30e9\u30fc\u304c\u8fd4\u3063\u3066\u304f\u308b\u305f\u3081\u6ce8\u610f\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n<p>\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u30d8\u30c3\u30c0\u30fc\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<table style=\"border-collapse: collapse;width: 100%\">\n<tbody>\n<tr>\n<td style=\"width: 33.3333%\">\u30d8\u30c3\u30c0\u30fc\u540d<\/td>\n<td style=\"width: 33.3333%\">\u5024<\/td>\n<td style=\"width: 33.3333%\">\u8aac\u660e<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 33.3333%\">\n<div>\n<div>Content-Type<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%\">\n<div>\n<div>application\/x-www-form-urlencoded<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%\"><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 33.3333%\">\n<div>\n<div>Authorization<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%\">\n<div>\n<div>Basic bXljbGllbnQ6NDQ4N2JkYzgtZTQ1ZS00OGMyLTg2MzUtY2IyM2NiNWUyZjYz<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%\"><em>client_secret_basic<\/em> \u5f62\u5f0f\u6642\u306e\u6e21\u3057\u65b9\u3067\u3059\u3002\u2460\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u3067\u8a2d\u5b9a\u3057\u305f Authorization \u30d8\u30c3\u30c0\u30fc\u306e\u5024\u3068\u540c\u3058\u5024\u3067\u3059\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Body\u306b\u542b\u307e\u305b\u308b\u5024\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<table style=\"border-collapse: collapse;width: 100%;height: 312px\">\n<tbody>\n<tr style=\"height: 24px\">\n<td style=\"width: 33.3333%;height: 24px\">\u540d\u524d<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\u5024<\/td>\n<td style=\"width: 33.3333%;height: 24px\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 96px\">\n<td style=\"width: 33.3333%;height: 96px\">\n<div>\n<div>grant_type<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 96px\">\n<div>\n<div>urn:openid:params:grant-type:ciba<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 96px\">\n<div>\n<div>\u3053\u306e\u5024\u306f\u5fc5\u9808\u3067\u3001<em>urn:openid:params:grant-type:ciba<\/em> \u3067\u3042\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 192px\">\n<td style=\"width: 33.3333%;height: 192px\">\n<div>\n<div>auth_req_id<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 192px\">\n<div>\n<div>eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..iazuIbFU1q16EjLHwBI-aQ.RAnmpznLSmM3UF75kK59-5cTVBlrSbXDXJQqZjQg9FScQSh_12UhxP5XExEDaDq_0m2viZ_mGFs7O0wq_LQ1sfxAd9uJd2UpD2p8XWlrPyl16FE6evHRjDGCGipvDkjTeBFlrTTapGcvPmxnSH_uu8XJeY_tGSWSSg-WxSAnDYB9FvjkfJDsfFQdU2_sOI2LBRnQlCuJBAdEkRhyQNQliSCE9cy9Zo9MWmCrVcDBft0_pYa3DIbfHxFs6ITqlb6_B9zEIVWZJsq2mcj9utTRxsR4B7fOJ4gP-e6MmmoIgNsTWG_HHkv-dwo9_rhCkSCIqpjvXrSkDccTz3BQvYD1xzxeuaod-2L31wp3donFonEnI5FPwb0BTwMPZ0rH_f6Dmee_RW9cBIGfBz3wGT7K9nHDU1OcyQdZtRqUuzR6GSnjFjNVRy_zry-0ujs3QgWS2rNHlQQqkQAXY6qpncVBSAkGGCf8dlgU3S31152MKtles3LVhKFUETybNhPsWFIqpkIPPZ0Y5qWksMGsEyNu49LIM1eqpoV2jTPAg9re7Cx9tdZr_XteuqREIZchJmYuEMmhk6H-_lTa9AfsL1db3pLpL-PwOZltmwcHOUwEcpIjqr91hZ-CdgzQvhNOJHfJyBRxpreHqDxIs7tBR8VGwFmtKiLKOu-mGuFnaICFwFHA1DgIFSpN9Tret4CoFqWjF50XTzjYkwKrqCQYIul7BWENDWcDwLA1JE5dU5LOZBn1HykSwerQceOlX9wcktgO9ajP9au9twggSlyy1rWSm0FgIBGULeUxgmD6hroyLIlZYsUYnOH2Ur2W9fIq0j7PAvznq5JC2OWWB4OtkeANeSxvEzle8M1Y-97n91M3tXogUdOQccy9ahUD15lzpSUoHFNpajr1IXVLTleqCpI-Gw.mfS4kUF5fPO4ZTCQNL3CvQ<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%;height: 192px\">\n<div>\n<div>\u8a8d\u8a3c\u3092\u8981\u6c42\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u8b58\u5225\u3059\u308b\u305f\u3081\u306e\u4e00\u610f\u306e\u8b58\u5225\u5b50\u3067\u3059\u3002\u5177\u4f53\u5024\u3068\u3057\u3066\u306f\u2460 Authentication Request\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u3067\u3042\u308b\u2461\u306b\u542b\u307e\u308c\u3066\u3044\u308b auth_req_id \u306e\u5024\u3067\u3059\u3002\u3053\u306e\u5024\u306f\u5fc5\u9808\u3067\u3059\u3002<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u30b5\u30f3\u30d7\u30eb\u306e CURL\u6587\u3068\u3057\u3066\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">curl -X POST \\\r\n   -H \"Content-Type:application\/x-www-form-urlencoded\" \\\r\n   -H \"Authorization:Basic dGVzdC1jbGllbnQ6MmFlNmQ4MWQtYmM3OC00MzRlLWE3YjgtOTg1OTIxZTBkNDdi\" \\\r\n   -d \"grant_type=urn:openid:params:grant-type:ciba\" \\\r\n   -d \"auth_req_id=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..iazuIbFU1q16EjLHwBI-aQ.RAnmpznLSmM3UF75kK59-5cTVBlrSbXDXJQqZjQg9FScQSh_12UhxP5XExEDaDq_0m2viZ_mGFs7O0wq_LQ1sfxAd9uJd2UpD2p8XWlrPyl16FE6evHRjDGCGipvDkjTeBFlrTTapGcvPmxnSH_uu8XJeY_tGSWSSg-WxSAnDYB9FvjkfJDsfFQdU2_sOI2LBRnQlCuJBAdEkRhyQNQliSCE9cy9Zo9MWmCrVcDBft0_pYa3DIbfHxFs6ITqlb6_B9zEIVWZJsq2mcj9utTRxsR4B7fOJ4gP-e6MmmoIgNsTWG_HHkv-dwo9_rhCkSCIqpjvXrSkDccTz3BQvYD1xzxeuaod-2L31wp3donFonEnI5FPwb0BTwMPZ0rH_f6Dmee_RW9cBIGfBz3wGT7K9nHDU1OcyQdZtRqUuzR6GSnjFjNVRy_zry-0ujs3QgWS2rNHlQQqkQAXY6qpncVBSAkGGCf8dlgU3S31152MKtles3LVhKFUETybNhPsWFIqpkIPPZ0Y5qWksMGsEyNu49LIM1eqpoV2jTPAg9re7Cx9tdZr_XteuqREIZchJmYuEMmhk6H-_lTa9AfsL1db3pLpL-PwOZltmwcHOUwEcpIjqr91hZ-CdgzQvhNOJHfJyBRxpreHqDxIs7tBR8VGwFmtKiLKOu-mGuFnaICFwFHA1DgIFSpN9Tret4CoFqWjF50XTzjYkwKrqCQYIul7BWENDWcDwLA1JE5dU5LOZBn1HykSwerQceOlX9wcktgO9ajP9au9twggSlyy1rWSm0FgIBGULeUxgmD6hroyLIlZYsUYnOH2Ur2W9fIq0j7PAvznq5JC2OWWB4OtkeANeSxvEzle8M1Y-97n91M3tXogUdOQccy9ahUD15lzpSUoHFNpajr1IXVLTleqCpI-Gw.mfS4kUF5fPO4ZTCQNL3CvQ\" \\\r\n 'http:\/\/localhost:8088\/auth\/realms\/SampleRealm\/protocol\/openid-connect\/token'<\/pre>\n<p>\u3088\u308a\u8a73\u3057\u3044\u8a73\u7d30\u306f\u3053\u3061\u3089\u3092\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/openid.net\/specs\/openid-client-initiated-backchannel-authentication-core-1_0.html#token_request\">OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0 draft-04 10.1. Token Request Using CIBA Grant Type\u00a0<\/a><\/li>\n<\/ul>\n<h3>\u2465 Token Error Response<\/h3>\n<p>\u3053\u306e\u8cc7\u6599\u3067\u306f Token Request \u3092\u8a8d\u8a3c\u3055\u308c\u3066\u3044\u306a\u3044\u72b6\u614b\u3067\u9001\u3063\u305f\u30b1\u30fc\u30b9\u3068\u3001\u8a8d\u8a3c\u304c\u6b63\u5e38\u306b\u5b8c\u4e86\u3057\u3066\u3044\u308b\u72b6\u614b\u3067\u9001\u3063\u305f\u30b1\u30fc\u30b9\u3067\u305d\u308c\u305e\u308c\u306e\u72b6\u614b\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u3092\u7d39\u4ecb\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<p>\u2465\u306f\u307e\u305a\u8a8d\u8a3c\u3055\u308c\u3066\u3044\u306a\u3044\u30b1\u30fc\u30b9\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u3067\u3059\u3002\u30ec\u30b9\u30dd\u30f3\u30b9\u306fHTTP\u30b9\u30c6\u30fc\u30bf\u30b9\u30b3\u30fc\u30c9400\u3067\u00a0<em>application\/json<\/em> \u5f62\u5f0f\u3067\u9001\u3089\u308c\u3066\u304d\u307e\u3059\u3002\u30ec\u30b9\u30dd\u30f3\u30b9\u3092\u6574\u5f62\u3059\u308b\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002\u00a0\u4eca\u56de\u306e\u30b1\u30fc\u30b9\u3067\u306f\u8a8d\u8a3c\u304c\u6e08\u3093\u3067\u3044\u306a\u3044\u306e\u3067\u3001\u8a8d\u8a3c\u8981\u6c42\u304c\u4fdd\u7559\u3068\u306a\u3063\u3066\u3044\u308b\u3068\u3044\u3046\u60c5\u5831\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"json\">{\r\n    \"error\": \"authorization_pending\",\r\n    \"error_description\": \"The authorization request is still pending as the end-user hasn't yet been authenticated.\"\r\n}<\/pre>\n<p>\u3053\u306eJSON\u5f62\u5f0f\u306e\u30c7\u30fc\u30bf\u3092\u7c21\u5358\u306b\u8aac\u660e\u3057\u3066\u3044\u304f\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<table style=\"border-collapse: collapse;width: 100%\">\n<tbody>\n<tr>\n<td style=\"width: 50%\">\u30ad\u30fc\u540d<\/td>\n<td style=\"width: 50%\">\u8aac\u660e<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 50%\">\n<div>\n<div>error<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50%\">\n<div>\n<div>\u30a8\u30e9\u30fc\u30b3\u30fc\u30c9\u3002\u5fc5\u9808\u3002<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 50%\">\n<div>\n<div>error_description<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50%\">\n<div>\n<div>\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u767a\u751f\u3057\u305f\u30a8\u30e9\u30fc\u3092\u7406\u89e3\u3059\u308b\u306e\u306b\u5f79\u7acb\u3064\u8ffd\u52a0\u60c5\u5831\u3002\u30aa\u30d7\u30b7\u30e7\u30ca\u30eb\u3002<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u4eca\u56de\u306e\u30a8\u30e9\u30fc\u306f\u3001\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u30fc\u304c\u307e\u3060\u8a8d\u8a3c\u3055\u308c\u3066\u3044\u306a\u3044\u305f\u3081\u3001\u8a8d\u8a3c\u8981\u6c42\u306f\u307e\u3060\u30da\u30f3\u30c7\u30a3\u30f3\u30b0\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u3088\u308a\u8a73\u3057\u3044\u8a73\u7d30\u306f\u3053\u3061\u3089\u3092\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/openid.net\/specs\/openid-client-initiated-backchannel-authentication-core-1_0.html#token_error_response\">OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0 draft-04 11. Token Error Response\u00a0<\/a><\/li>\n<\/ul>\n<h3>\u2466 Authentication Result Notification<\/h3>\n<p>\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306f \u8a8d\u8a3c\u7d50\u679c\u3092Authentication entity \u304b\u3089 Keycloak \u306b\u901a\u77e5\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8\u3067\u3059\u3002<\/p>\n<p>\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u30d8\u30c3\u30c0\u30fc\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<table style=\"border-collapse: collapse;width: 100%\">\n<tbody>\n<tr>\n<td style=\"width: 33.3333%\">\u30d8\u30c3\u30c0\u30fc\u540d<\/td>\n<td style=\"width: 33.3333%\">\u5024<\/td>\n<td style=\"width: 33.3333%\">\u8aac\u660e<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 33.3333%\">\n<div>\n<div>Content-Type<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%\">\n<div>\n<div>application\/json<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%\"><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 33.3333%\">\n<div>\n<div>\n<div>\n<div>Authorization<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%\">\n<div>\n<div>\n<div>\n<div>Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJVZW9OQjYxbGt3ZGhJX1ctOU02S2haUksxWFpKdHdjd0pMQ3dJVFA1dTd3In0.eyJleHAiOjE2MjY3MTQzNTAsImp0aSI6IjNiYzRmNTkwLTQ0MmMtNDQ0ZS04YWU0LWRhODcxYmM5MmFkOCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9hdXRoL3JlYWxtcy9TYW1wbGVSZWFsbSIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9hdXRoL3JlYWxtcy9TYW1wbGVSZWFsbSIsInN1YiI6ImM4Zjg4YzliLTA2YTUtNDgwNy1iZjJmLTYxMzVjNjBhMDY4NiIsInR5cCI6IkJlYXJlciIsImF6cCI6InRlc3QtY2xpZW50In0.ivP4wN8wzLuOpmj6GaUxulmLxvuiXKvAQAl2ifBklm6iVJtJNiCZ24pcTw0GrE7SjBrn6SblO2eAscb1gQyIQGWZohbav0KZbhL37ZDlqK9ZYRNE0nWHYspBsB0kVR-Svj58BrGOvCuotmNrz5nPOgYjvlUl5V_d7mSxyYGUZ-3IBFsOvqo_aqKD2336ygjx_TDFTZ1LLjFA7cUAE6iLnFYPmFexYJrls7jvUI4OiJyIYMq3okIYhteZjeZSQKmz3PeMkSUl3W6qe4QoI7245Y7a862QbQOG7wqzJouYLwJVrzqtjbluWZMToy3A-oOEJk5HtAC59YMgMRUOGU9unA<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 33.3333%\">\n<div>\n<div>\u3053\u306e\u5024\u306f\u2462 Authentication Delegation Request\u3067\u9001\u4fe1\u3055\u308c\u3066\u304d\u305f Authorization\u30d8\u30c3\u30c0\u30fc\u3068\u540c\u3058\u5024\u3092\u4f7f\u3044\u307e\u3059<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div><\/div>\n<div>\n<div>Body\u306b\u542b\u307e\u305b\u308bJSON\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/div>\n<div>\n<table style=\"border-collapse: collapse;width: 100%\">\n<tbody>\n<tr>\n<td style=\"width: 25%\">\u30ad\u30fc\u540d<\/td>\n<td style=\"width: 25%\">\u5024<\/td>\n<td style=\"width: 50%\">\u8aac\u660e<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 25%\">status<\/td>\n<td style=\"width: 25%\">\n<div>\n<div>SUCCEED<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50%\">\n<div>\n<div>\u5fc5\u9808\u3002\u3053\u306e\u5024\u306f SUCCEED (\u8a8d\u8a3c\u304c\u6b63\u5e38\u306b\u5b8c\u4e86), UNAUTHORIZED (\u8a8d\u8a3c\u304c\u5b8c\u4e86\u3057\u3066\u3044\u306a\u3044), CANCELLED(\u8a8d\u8a3c\u304c\u30e6\u30fc\u30b6\u30fc\u306b\u3088\u3063\u3066\u30ad\u30e3\u30f3\u30bb\u30eb\u3055\u308c\u305f) \u306e\u3044\u305a\u308c\u304b\u3067\u3042\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div>\n<div><\/div>\n<div>\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306fAuthentication entity \u304b\u3089\u9001\u4fe1\u3059\u308b\u3082\u306e\u3067\u3059\u304c\u3001\u4eca\u56de\u306f\u4ee3\u308f\u308a\u306b\u30b3\u30f3\u30bd\u30fc\u30eb\u304b\u3089\u9001\u3063\u3066\u307f\u307e\u3059\u3002\u30b5\u30f3\u30d7\u30eb\u306e CURL\u6587\u3068\u3057\u3066\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/div>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">curl -i -X POST \\\r\n   -H \"Content-Type:application\/json\" \\\r\n   -H \"Authorization:Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJVZW9OQjYxbGt3ZGhJX1ctOU02S2haUksxWFpKdHdjd0pMQ3dJVFA1dTd3In0.eyJleHAiOjE2MjY3MTQzNTAsImp0aSI6IjNiYzRmNTkwLTQ0MmMtNDQ0ZS04YWU0LWRhODcxYmM5MmFkOCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9hdXRoL3JlYWxtcy9TYW1wbGVSZWFsbSIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9hdXRoL3JlYWxtcy9TYW1wbGVSZWFsbSIsInN1YiI6ImM4Zjg4YzliLTA2YTUtNDgwNy1iZjJmLTYxMzVjNjBhMDY4NiIsInR5cCI6IkJlYXJlciIsImF6cCI6InRlc3QtY2xpZW50In0.ivP4wN8wzLuOpmj6GaUxulmLxvuiXKvAQAl2ifBklm6iVJtJNiCZ24pcTw0GrE7SjBrn6SblO2eAscb1gQyIQGWZohbav0KZbhL37ZDlqK9ZYRNE0nWHYspBsB0kVR-Svj58BrGOvCuotmNrz5nPOgYjvlUl5V_d7mSxyYGUZ-3IBFsOvqo_aqKD2336ygjx_TDFTZ1LLjFA7cUAE6iLnFYPmFexYJrls7jvUI4OiJyIYMq3okIYhteZjeZSQKmz3PeMkSUl3W6qe4QoI7245Y7a862QbQOG7wqzJouYLwJVrzqtjbluWZMToy3A-oOEJk5HtAC59YMgMRUOGU9unA\" \\\r\n   -d \\\r\n'{\r\n  \"status\":\"SUCCEED\"\r\n}' \\\r\n 'http:\/\/localhost:8088\/auth\/realms\/SampleRealm\/protocol\/openid-connect\/ext\/ciba\/auth\/callback'<\/pre>\n<p>\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306f\u8a8d\u8a3c\u304c\u6b63\u5e38\u306b\u5b8c\u4e86\u3057\u305f\u3068\u3044\u3046\u3053\u3068\u3092\u4f1d\u3048\u3066\u3044\u307e\u3059\u3002<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div>\u307e\u305f\u3001<strong>Authorization\u30d8\u30c3\u30c0\u30fc\u304c \u306a\u305c \u2460 Authentication Request \u3084 \u2464 Token Request \u306b\u7528\u3044\u308b\u5024\u3068\u9055\u3046\u306e\u304b<\/strong>\u3001\u3068\u6c17\u306b\u306a\u308b\u65b9\u3082\u4e00\u90e8\u5c45\u3089\u308c\u308b\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u304c\u3001\u30ea\u30af\u30a8\u30b9\u30c8\u5143\u30fb\u30ea\u30af\u30a8\u30b9\u30c8\u5148\u30fb\u7528\u9014 \u3092\u601d\u3044\u51fa\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u57fa\u672c\u7684\u306a\u30a4\u30e1\u30fc\u30b8\u3068\u3057\u3066\u306f <strong>\u8ab0\u304c \u4f55\u3092\u8b58\u5225\u30fb\u8a8d\u8a3c\u3057\u305f\u3044\u306e\u304b<\/strong> <em>\u306b\u3088\u3063\u3066\u6c7a\u3081\u308b\u3082\u306e\u3060<\/em>\u3068\u8003\u3048\u3066\u304f\u3060\u3055\u3044\u3002<\/div>\n<div><\/div>\n<div>\n<table style=\"border-collapse: collapse;width: 100%;height: 69px\">\n<tbody>\n<tr style=\"height: 23px\">\n<td style=\"width: 33.3333%;height: 23px\"><\/td>\n<td style=\"width: 16.6667%;height: 23px\">\u30ea\u30af\u30a8\u30b9\u30c8\u5143<\/td>\n<td style=\"width: 16.6667%\">\u30ea\u30af\u30a8\u30b9\u30c8\u5148<\/td>\n<td style=\"width: 33.3333%;height: 23px\">Authorization\u30d8\u30c3\u30c0\u30fc\u306e\u7528\u9014<\/td>\n<\/tr>\n<tr style=\"height: 23px\">\n<td style=\"width: 33.3333%;height: 23px\">\u2460 Authentication Request<\/td>\n<td style=\"width: 16.6667%;height: 23px\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8<br \/>\n(\u4eca\u56de\u306f\u4efb\u610f\u306e\u30b3\u30f3\u30bd\u30fc\u30eb)<\/td>\n<td style=\"width: 16.6667%\">Keycloak<\/td>\n<td style=\"width: 33.3333%;height: 23px\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8 \u3092\u8a8d\u8a3c\u3059\u308b\u305f\u3081<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 33.3333%\">\u2462 Authentication Delegation Request<\/td>\n<td style=\"width: 16.6667%\">Keycloak<\/td>\n<td style=\"width: 16.6667%\">Authentication entity<\/td>\n<td style=\"width: 33.3333%\">Authentication entity \u3092\u8b58\u5225\u3059\u308b\u305f\u3081<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 33.3333%\">\u2464 Token Request<\/td>\n<td style=\"width: 16.6667%\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8<br \/>\n(\u4eca\u56de\u306f\u4efb\u610f\u306e\u30b3\u30f3\u30bd\u30fc\u30eb)<\/td>\n<td style=\"width: 16.6667%\">Keycloak<\/td>\n<td style=\"width: 33.3333%\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8 \u3092\u8a8d\u8a3c\u3059\u308b\u305f\u3081<\/td>\n<\/tr>\n<tr style=\"height: 23px\">\n<td style=\"width: 33.3333%;height: 23px\">\u2466 Authentication Result Notification<\/td>\n<td style=\"width: 16.6667%;height: 23px\">Authentication entity<\/td>\n<td style=\"width: 16.6667%\">Keycloak<\/td>\n<td style=\"width: 33.3333%;height: 23px\">Authentication entity \u3092\u8a8d\u8a3c\u3059\u308b\u305f\u3081<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p>&nbsp;<\/p>\n<div>\n<h3>\u2467 Response (\u2466 Authentication Result Notification)\u306e\u30ec\u30b9\u30dd\u30f3\u30b9<\/h3>\n<p>\u30ec\u30b9\u30dd\u30f3\u30b9\u306fHTTP\u30b9\u30c6\u30fc\u30bf\u30b9\u30b3\u30fc\u30c9200\u3067 <em>application\/json<\/em> \u5f62\u5f0f\u3067\u9001\u3089\u308c\u3066\u304d\u307e\u3059\u3002\u30ec\u30b9\u30dd\u30f3\u30b9\u3092\u6574\u5f62\u3059\u308b\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002\u3053\u306e\u5024\u3092CIBA\u30d5\u30ed\u30fc\u306b\u304a\u3044\u3066\u610f\u8b58\u3057\u3066\u304a\u304f\u5fc5\u8981\u304c\u57fa\u672c\u7684\u306b\u306a\u3044\u305f\u3081\u89e3\u8aac\u3092\u5272\u611b\u3044\u305f\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"json\">{\r\n    \"type\": \"application\",\r\n    \"subtype\": \"json\",\r\n    \"parameters\": {},\r\n    \"wildcardType\": false,\r\n    \"wildcardSubtype\": false\r\n}<\/pre>\n<p>&nbsp;<\/p>\n<h3>\u2468 Token Request<\/h3>\n<p>\u3053\u306e\u30c8\u30fc\u30af\u30f3\u30ea\u30af\u30a8\u30b9\u30c8\u306f\u2464\u3067\u884c\u3063\u305f\u3082\u306e\u3068\u5168\u304f\u540c\u3058\u3082\u306e\u3067\u3059\u3002\u9055\u3046\u306e\u306f\u4eca\u56de\u306f\u8a8d\u8a3c\u304c\u6210\u529f\u3057\u3066\u3044\u308b\u72b6\u614b\u3067\u9001\u3063\u3066\u3044\u308b\u3068\u3044\u3046\u3053\u3068\u306e\u307f\u3067\u3059\u3002<\/p>\n<p>\u30b5\u30f3\u30d7\u30eb\u306e CURL\u6587\u3068\u3057\u3066\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">curl -X POST \\\r\n   -H \"Content-Type:application\/x-www-form-urlencoded\" \\\r\n   -H \"Authorization:Basic dGVzdC1jbGllbnQ6MmFlNmQ4MWQtYmM3OC00MzRlLWE3YjgtOTg1OTIxZTBkNDdi\" \\\r\n   -d \"grant_type=urn:openid:params:grant-type:ciba\" \\\r\n   -d \"auth_req_id=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..iazuIbFU1q16EjLHwBI-aQ.RAnmpznLSmM3UF75kK59-5cTVBlrSbXDXJQqZjQg9FScQSh_12UhxP5XExEDaDq_0m2viZ_mGFs7O0wq_LQ1sfxAd9uJd2UpD2p8XWlrPyl16FE6evHRjDGCGipvDkjTeBFlrTTapGcvPmxnSH_uu8XJeY_tGSWSSg-WxSAnDYB9FvjkfJDsfFQdU2_sOI2LBRnQlCuJBAdEkRhyQNQliSCE9cy9Zo9MWmCrVcDBft0_pYa3DIbfHxFs6ITqlb6_B9zEIVWZJsq2mcj9utTRxsR4B7fOJ4gP-e6MmmoIgNsTWG_HHkv-dwo9_rhCkSCIqpjvXrSkDccTz3BQvYD1xzxeuaod-2L31wp3donFonEnI5FPwb0BTwMPZ0rH_f6Dmee_RW9cBIGfBz3wGT7K9nHDU1OcyQdZtRqUuzR6GSnjFjNVRy_zry-0ujs3QgWS2rNHlQQqkQAXY6qpncVBSAkGGCf8dlgU3S31152MKtles3LVhKFUETybNhPsWFIqpkIPPZ0Y5qWksMGsEyNu49LIM1eqpoV2jTPAg9re7Cx9tdZr_XteuqREIZchJmYuEMmhk6H-_lTa9AfsL1db3pLpL-PwOZltmwcHOUwEcpIjqr91hZ-CdgzQvhNOJHfJyBRxpreHqDxIs7tBR8VGwFmtKiLKOu-mGuFnaICFwFHA1DgIFSpN9Tret4CoFqWjF50XTzjYkwKrqCQYIul7BWENDWcDwLA1JE5dU5LOZBn1HykSwerQceOlX9wcktgO9ajP9au9twggSlyy1rWSm0FgIBGULeUxgmD6hroyLIlZYsUYnOH2Ur2W9fIq0j7PAvznq5JC2OWWB4OtkeANeSxvEzle8M1Y-97n91M3tXogUdOQccy9ahUD15lzpSUoHFNpajr1IXVLTleqCpI-Gw.mfS4kUF5fPO4ZTCQNL3CvQ\" \\\r\n 'http:\/\/localhost:8088\/auth\/realms\/SampleRealm\/protocol\/openid-connect\/token'<\/pre>\n<h3>\u2469 Successful Token Response<\/h3>\n<p>\u8a8d\u8a3c\u304c\u6b63\u5e38\u306b\u5b8c\u4e86\u3057\u3066\u3044\u308b\u5834\u5408\u306e\u30c8\u30fc\u30af\u30f3\u30ec\u30b9\u30dd\u30f3\u30b9\u3092\u898b\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<p>\u30ec\u30b9\u30dd\u30f3\u30b9\u306fHTTP\u30b9\u30c6\u30fc\u30bf\u30b9\u30b3\u30fc\u30c9200\u3067 <em>application\/json<\/em> \u5f62\u5f0f\u3067\u9001\u3089\u308c\u3066\u304d\u307e\u3059\u3002\u30ec\u30b9\u30dd\u30f3\u30b9\u3092\u6574\u5f62\u3059\u308b\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002\u3053\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u3067\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3084\u30ea\u30d5\u30ec\u30c3\u30b7\u30e5\u30c8\u30fc\u30af\u30f3\u3092\u624b\u306b\u5165\u308c\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n<div>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"json\">{\r\n    \"access_token\": \"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJVZW9OQjYxbGt3ZGhJX1ctOU02S2haUksxWFpKdHdjd0pMQ3dJVFA1dTd3In0.eyJleHAiOjE2MjY3MTc0MjgsImlhdCI6MTYyNjcxNzEyOCwianRpIjoiOWQ4Y2JlOTQtZTMxYy00ZGQ5LWJkYmItM2E4ZTQ4Y2Q5YTUzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDg4L2F1dGgvcmVhbG1zL1NhbXBsZVJlYWxtIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImM4Zjg4YzliLTA2YTUtNDgwNy1iZjJmLTYxMzVjNjBhMDY4NiIsInR5cCI6IkJlYXJlciIsImF6cCI6InRlc3QtY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6IjAzMDQ1MzBkLTYyYjUtNDgzYi05ZTBmLTk4NTNkY2VjNWRiOSIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiIsImRlZmF1bHQtcm9sZXMtc2FtcGxlcmVhbG0iXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6ImVtYWlsIHByb2ZpbGUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJ0YXJvIGNyZWF0aW9ubGluZSIsInByZWZlcnJlZF91c2VybmFtZSI6ImNsLXRhcm8iLCJnaXZlbl9uYW1lIjoidGFybyIsImZhbWlseV9uYW1lIjoiY3JlYXRpb25saW5lIiwiZW1haWwiOiJjcmVhdGlvbmxpbmVAZXhhbXBsZS5jb20ifQ.JEt-YEqNJ5wx343zBB2tz4ImwxPjzLfjsYIW-jrZIkjGcdYB5T_2vEMSNJT8J2Os3wy5MWwF0ZreQM8KTHkBncIDFd6Pt9lpNI5nM1ROmIixmJ9JtSOl9oGrcN2yH2lS9mMIbZg4STlh5ULLywHah9Qm6nO5nWjrCYtPkG-EF7SMvec53_K363lguiqKuN_aqjfdLgvDdEvrAajbQ5ZYwq72-K9xP_frtt1IMeLEONJeLB_xO3sgwmpoCzTUZvuCGXIP9wrpxQ6o0fqFtJyOBWPlNb1YxAvFTyZtlxrdjfWBPp9xcys5a8xfJgr1cG3MuLiaADQOkYnE14wsJEZ9UQ\",\r\n    \"expires_in\": 300,\r\n    \"refresh_expires_in\": 1800,\r\n    \"refresh_token\": \"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI5YmNlY2RiNC0xZDNjLTQ4MDAtYjdlOS03NjEzYmMwNDVhNzMifQ.eyJleHAiOjE2MjY3MTg5MjgsImlhdCI6MTYyNjcxNzEyOCwianRpIjoiMTU2YmRiOGItZmU4ZS00NjIxLTgzZDAtZTM2ZDRjZWJjYjhmIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDg4L2F1dGgvcmVhbG1zL1NhbXBsZVJlYWxtIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDg4L2F1dGgvcmVhbG1zL1NhbXBsZVJlYWxtIiwic3ViIjoiYzhmODhjOWItMDZhNS00ODA3LWJmMmYtNjEzNWM2MGEwNjg2IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6InRlc3QtY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6IjAzMDQ1MzBkLTYyYjUtNDgzYi05ZTBmLTk4NTNkY2VjNWRiOSIsInNjb3BlIjoiZW1haWwgcHJvZmlsZSJ9.8tllRuyakDap2Ob6IVMbvjLWBqLZel3m7AHoglKtzCc\",\r\n    \"token_type\": \"Bearer\",\r\n    \"not-before-policy\": 0,\r\n    \"session_state\": \"0304530d-62b5-483b-9e0f-9853dcec5db9\",\r\n    \"scope\": \"email profile\"\r\n}<\/pre>\n<p>\u3088\u308a\u8a73\u3057\u3044\u8a73\u7d30\u306f\u3053\u3061\u3089\u3092\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/openid.net\/specs\/openid-client-initiated-backchannel-authentication-core-1_0.html#token_response\">OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0 draft-04 10.1.1. Successful Token Response\u00a0<\/a><\/li>\n<\/ul>\n<\/div>\n<h2>8. \u5f8c\u66f8\u304d<\/h2>\n<p>\u4eca\u56de\u306fKeycloak14.0.0 \u3092\u7528\u3044\u3066CIBA\u3092\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\u3002\u3053\u306e\u8cc7\u6599\u3092\u8aad\u3080\u3053\u3068\u3067\u3001CIBA\u306e\u5bfe\u5fdc\u7bc4\u56f2\u3084\u3001Keycloak\u3067CIBA\u3092\u5b9f\u88c5\u3059\u308b\u6642\u306e\u52d8\u6240\u3001\u51e6\u7406\u306e\u6d41\u308c\u306e\u30a4\u30e1\u30fc\u30b8\u3092\u63b4\u3080\u3053\u3068\u306b\u5bfe\u3057\u3066\u5c11\u3057\u3067\u3082\u53c2\u8003\u306b\u306a\u308c\u3070\u5e78\u3044\u3067\u3059\u3002<\/p>\n<p>\u3053\u306e\u8cc7\u6599\u306b\u306f\u30e6\u30fc\u30b6\u30fc\u3092\u8a8d\u8a3c\u3059\u308b\u90e8\u5206(CIBA\u306e\u4ed5\u69d8\u5916)\u306e\u6240\u3092\u542b\u3081\u3066\u304a\u308a\u307e\u305b\u3093\u3002\u6a5f\u4f1a\u304c\u3042\u308c\u3070\u30d7\u30c3\u30b7\u30e5\u901a\u77e5\u306a\u3069\u3092\u542b\u3081\u305f\u6c4e\u7528\u7684\u306a\u30d5\u30ed\u30fc\u3082\u7c21\u5358\u306b\u691c\u8a3c\u30fb\u89e3\u8aac\u3067\u304d\u308c\u3070\u3068\u601d\u3063\u3066\u304a\u308a\u307e\u3059\u3002<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 CIBA(\u30b7\u30fc\u30d0)\u3068\u306f\u4f55\u304b\uff1f \u4eca\u56de\u8a66\u3059\u5168\u4f53\u50cf\u306e\u8aac\u660e \u4eca\u56de\u4f7f\u3046\u74b0\u5883\u306e\u8aac\u660e CIBA\u3092\u691c\u8a3c\u3059\u308b\u305f\u3081\u306e\u691c\u8a3c\u7528\u30c7\u30fc\u30bf\u306e\u4f5c\u6210\u30fb\u78ba\u8a8d \u30ea\u30af\u30a8\u30b9\u30c8\u30d9\u30fc\u30b9\u3067\u306e\u89e3\u8aac \u5f8c\u66f8\u304d 2. \u6982\u8981 shiba \u30c1\u30fc\u30e0\u306e\u4e2d\u6751\u3067\u3059 [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":43704,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[520],"tags":[522,521,523,524],"class_list":["post-43470","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-keycloak","tag-ciba","tag-keycloak","tag-oauth","tag-oidc"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Keycloak(14.0.0)\u3067\u8a66\u3059 OpenID Connect CIBA\u3000#keycloak #ciba #oauth #oidc - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3<\/title>\n<meta name=\"description\" content=\"keycloak |1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 CIBA(\u30b7\u30fc\u30d0)\u3068\u306f\u4f55\u304b\uff1f \u4eca\u56de\u8a66\u3059\u5168\u4f53\u50cf\u306e\u8aac\u660e \u4eca\u56de\u4f7f\u3046\u74b0\u5883\u306e\u8aac\u660e CIBA\u3092\u691c\u8a3c\u3059\u308b\u305f\u3081\u306e\u691c\u8a3c\u7528\u30c7\u30fc\u30bf\u306e\u4f5c\u6210\u30fb\u78ba\u8a8d\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Keycloak(14.0.0)\u3067\u8a66\u3059 OpenID Connect CIBA\u3000#keycloak #ciba #oauth #oidc - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\" \/>\n<meta property=\"og:description\" content=\"keycloak |1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 CIBA(\u30b7\u30fc\u30d0)\u3068\u306f\u4f55\u304b\uff1f \u4eca\u56de\u8a66\u3059\u5168\u4f53\u50cf\u306e\u8aac\u660e \u4eca\u56de\u4f7f\u3046\u74b0\u5883\u306e\u8aac\u660e CIBA\u3092\u691c\u8a3c\u3059\u308b\u305f\u3081\u306e\u691c\u8a3c\u7528\u30c7\u30fc\u30bf\u306e\u4f5c\u6210\u30fb\u78ba\u8a8d\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470\" \/>\n<meta property=\"og:site_name\" content=\"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/creationline\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-05T05:00:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-18T20:20:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"798\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@creationline\" \/>\n<meta name=\"twitter:site\" content=\"@creationline\" \/>\n<meta name=\"twitter:label1\" content=\"\u57f7\u7b46\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"6\u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\\\/43470#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\\\/43470\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/#\\\/schema\\\/person\\\/7d923d1c017568a1a5e66d7bb1c8764a\"},\"headline\":\"Keycloak(14.0.0)\u3067\u8a66\u3059 OpenID Connect CIBA\u3000#keycloak #ciba #oauth #oidc\",\"datePublished\":\"2021-08-05T05:00:49+00:00\",\"dateModified\":\"2021-11-18T20:20:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\\\/43470\"},\"wordCount\":1164,\"image\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\\\/43470#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/creationline-logo.png\",\"keywords\":[\"CIBA\",\"Keycloak\",\"oauth\",\"oidc\"],\"articleSection\":[\"keycloak\"],\"inLanguage\":\"ja\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\\\/43470\",\"url\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\\\/43470\",\"name\":\"Keycloak(14.0.0)\u3067\u8a66\u3059 OpenID Connect CIBA\u3000#keycloak #ciba #oauth #oidc - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\\\/43470#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\\\/43470#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/creationline-logo.png\",\"datePublished\":\"2021-08-05T05:00:49+00:00\",\"dateModified\":\"2021-11-18T20:20:04+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/#\\\/schema\\\/person\\\/7d923d1c017568a1a5e66d7bb1c8764a\"},\"description\":\"keycloak |1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 CIBA(\u30b7\u30fc\u30d0)\u3068\u306f\u4f55\u304b\uff1f \u4eca\u56de\u8a66\u3059\u5168\u4f53\u50cf\u306e\u8aac\u660e \u4eca\u56de\u4f7f\u3046\u74b0\u5883\u306e\u8aac\u660e CIBA\u3092\u691c\u8a3c\u3059\u308b\u305f\u3081\u306e\u691c\u8a3c\u7528\u30c7\u30fc\u30bf\u306e\u4f5c\u6210\u30fb\u78ba\u8a8d\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\\\/43470#breadcrumb\"},\"inLanguage\":\"ja\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\\\/43470\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\\\/43470#primaryimage\",\"url\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/creationline-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/creationline-logo.png\",\"width\":1280,\"height\":798},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\\\/43470#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"HOME\",\"item\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6\",\"item\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"keycloak\",\"item\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/keycloak\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Keycloak(14.0.0)\u3067\u8a66\u3059 OpenID Connect CIBA\u3000#keycloak #ciba #oauth #oidc\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/#website\",\"url\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/\",\"name\":\"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\",\"description\":\"\u30a2\u30b8\u30e3\u30a4\u30eb\uff06DevOps\u3001\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6\u3001AI\uff06LLM\u306e\u5148\u7aef\u6280\u8853\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ja\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/#\\\/schema\\\/person\\\/7d923d1c017568a1a5e66d7bb1c8764a\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2021\\\/12\\\/avatar.png\",\"url\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2021\\\/12\\\/avatar.png\",\"contentUrl\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2021\\\/12\\\/avatar.png\",\"caption\":\"admin\"},\"url\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/author\\\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Keycloak(14.0.0)\u3067\u8a66\u3059 OpenID Connect CIBA\u3000#keycloak #ciba #oauth #oidc - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","description":"keycloak |1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 CIBA(\u30b7\u30fc\u30d0)\u3068\u306f\u4f55\u304b\uff1f \u4eca\u56de\u8a66\u3059\u5168\u4f53\u50cf\u306e\u8aac\u660e \u4eca\u56de\u4f7f\u3046\u74b0\u5883\u306e\u8aac\u660e CIBA\u3092\u691c\u8a3c\u3059\u308b\u305f\u3081\u306e\u691c\u8a3c\u7528\u30c7\u30fc\u30bf\u306e\u4f5c\u6210\u30fb\u78ba\u8a8d","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470","og_locale":"ja_JP","og_type":"article","og_title":"Keycloak(14.0.0)\u3067\u8a66\u3059 OpenID Connect CIBA\u3000#keycloak #ciba #oauth #oidc - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","og_description":"keycloak |1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 CIBA(\u30b7\u30fc\u30d0)\u3068\u306f\u4f55\u304b\uff1f \u4eca\u56de\u8a66\u3059\u5168\u4f53\u50cf\u306e\u8aac\u660e \u4eca\u56de\u4f7f\u3046\u74b0\u5883\u306e\u8aac\u660e CIBA\u3092\u691c\u8a3c\u3059\u308b\u305f\u3081\u306e\u691c\u8a3c\u7528\u30c7\u30fc\u30bf\u306e\u4f5c\u6210\u30fb\u78ba\u8a8d","og_url":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470","og_site_name":"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","article_publisher":"https:\/\/www.facebook.com\/creationline","article_published_time":"2021-08-05T05:00:49+00:00","article_modified_time":"2021-11-18T20:20:04+00:00","og_image":[{"width":1280,"height":798,"url":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png","type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_creator":"@creationline","twitter_site":"@creationline","twitter_misc":{"\u57f7\u7b46\u8005":"admin","\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593":"6\u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470#article","isPartOf":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470"},"author":{"name":"admin","@id":"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/7d923d1c017568a1a5e66d7bb1c8764a"},"headline":"Keycloak(14.0.0)\u3067\u8a66\u3059 OpenID Connect CIBA\u3000#keycloak #ciba #oauth #oidc","datePublished":"2021-08-05T05:00:49+00:00","dateModified":"2021-11-18T20:20:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470"},"wordCount":1164,"image":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470#primaryimage"},"thumbnailUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png","keywords":["CIBA","Keycloak","oauth","oidc"],"articleSection":["keycloak"],"inLanguage":"ja"},{"@type":"WebPage","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470","url":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470","name":"Keycloak(14.0.0)\u3067\u8a66\u3059 OpenID Connect CIBA\u3000#keycloak #ciba #oauth #oidc - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","isPartOf":{"@id":"https:\/\/www.creationline.com\/tech-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470#primaryimage"},"image":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470#primaryimage"},"thumbnailUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png","datePublished":"2021-08-05T05:00:49+00:00","dateModified":"2021-11-18T20:20:04+00:00","author":{"@id":"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/7d923d1c017568a1a5e66d7bb1c8764a"},"description":"keycloak |1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 CIBA(\u30b7\u30fc\u30d0)\u3068\u306f\u4f55\u304b\uff1f \u4eca\u56de\u8a66\u3059\u5168\u4f53\u50cf\u306e\u8aac\u660e \u4eca\u56de\u4f7f\u3046\u74b0\u5883\u306e\u8aac\u660e CIBA\u3092\u691c\u8a3c\u3059\u308b\u305f\u3081\u306e\u691c\u8a3c\u7528\u30c7\u30fc\u30bf\u306e\u4f5c\u6210\u30fb\u78ba\u8a8d","breadcrumb":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470#primaryimage","url":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png","contentUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png","width":1280,"height":798},{"@type":"BreadcrumbList","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/43470#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"HOME","item":"https:\/\/www.creationline.com\/tech-blog"},{"@type":"ListItem","position":2,"name":"\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6","item":"https:\/\/www.creationline.com\/tech-blog\/cloudnative"},{"@type":"ListItem","position":3,"name":"keycloak","item":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak"},{"@type":"ListItem","position":4,"name":"Keycloak(14.0.0)\u3067\u8a66\u3059 OpenID Connect CIBA\u3000#keycloak #ciba #oauth #oidc"}]},{"@type":"WebSite","@id":"https:\/\/www.creationline.com\/tech-blog\/#website","url":"https:\/\/www.creationline.com\/tech-blog\/","name":"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","description":"\u30a2\u30b8\u30e3\u30a4\u30eb\uff06DevOps\u3001\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6\u3001AI\uff06LLM\u306e\u5148\u7aef\u6280\u8853","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.creationline.com\/tech-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/7d923d1c017568a1a5e66d7bb1c8764a","name":"admin","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/12\/avatar.png","url":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/12\/avatar.png","contentUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/12\/avatar.png","caption":"admin"},"url":"https:\/\/www.creationline.com\/tech-blog\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts\/43470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/comments?post=43470"}],"version-history":[{"count":97,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts\/43470\/revisions"}],"predecessor-version":[{"id":46466,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts\/43470\/revisions\/46466"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/media\/43704"}],"wp:attachment":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/media?parent=43470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/categories?post=43470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/tags?post=43470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}