{"id":59520,"date":"2023-04-14T12:00:41","date_gmt":"2023-04-14T03:00:41","guid":{"rendered":"https:\/\/www.creationline.com\/?p=59520"},"modified":"2023-04-18T14:24:42","modified_gmt":"2023-04-18T05:24:42","slug":"keycloak-21-0-2-%e3%81%a7-%e3%82%af%e3%83%a9%e3%82%a4%e3%82%a2%e3%83%b3%e3%83%88%e3%83%9d%e3%83%aa%e3%82%b7%e3%83%bc-fapi1-advanced-%e3%82%92%e8%a9%a6%e3%81%99-keycloak-ciba-oauth-oidc","status":"publish","type":"post","link":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/59520","title":{"rendered":"Keycloak (21.0.2) \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc + FAPI1 advanced \u3092\u8a66\u3059 #keycloak #oauth #oidc"},"content":{"rendered":"

1. \u76ee\u6b21<\/a><\/h2>\n
    \n
  1. \u76ee\u6b21<\/a><\/li>\n
  2. \u6982\u8981<\/a>
    \n    2.1 \u672c\u8a18\u4e8b\u5185\u3067\u306e\u7565\u79f0\u306b\u3064\u3044\u3066<\/a>
    \n    2.2 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3059\u308b\u7b87\u6240<\/a>
    \n    2.3 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3057\u306a\u3044\u7b87\u6240<\/a><\/li>\n<\/ol>\n
      \n
    1. \u74b0\u5883\u306e\u8aac\u660e<\/a>
      \n      3.1 \u30ec\u30eb\u30e0\u306e\u8a2d\u5b9a<\/a>
      \n      3.2 \u30e6\u30fc\u30b6\u30fc\u306e\u8a2d\u5b9a<\/a>
      \n      3.3 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u8a2d\u5b9a<\/a>
      \n      3.4 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a<\/a><\/li>\n<\/ol>\n
        \n
      1. \n
      2. mTLS\u5bfe\u5fdc<\/a>
        \n        5.1 OAuth2 \u306b\u95a2\u9023\u3059\u308bmTLS\u306e\u4ed5\u69d8<\/a>
        \n        5.2 docker-compose \u306e\u4fee\u6b63<\/a>
        \n        5.3 CA\u7528\u306e\u9375\u3068\u8a3c\u660e\u66f8\u306e\u4f5c\u6210<\/a>
        \n        5.4 \u30b5\u30fc\u30d0\u30fc\u3067\u7528\u3044\u308bHTTPS\u7528\u306e\u9375\u3084\u8a3c\u660e\u66f8\u306a\u3069\u306e\u4f5c\u6210<\/a>
        \n        5.5 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7528\u306e\u9375\u3084\u8a3c\u660e\u66f8\u306a\u3069\u306e\u4f5c\u6210<\/a>
        \n        5.6 Keycloak\u5074\u3067\u306e\u8a2d\u5b9a<\/a><\/li>\n<\/ol>\n
          \n
        1. \u30ea\u30af\u30a8\u30b9\u30c8\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u5bfe\u5fdc<\/a>
          \n          6.1 JWS\u306b\u4f7f\u3046\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u306e\u691c\u8a0e<\/a>
          \n          6.2 JWS\u306b\u4f7f\u3046\u9375\u60c5\u5831\u3068JWKS\u306e\u4f5c\u6210<\/a>
          \n          6.3 Keycloak\u304b\u3089JWKS\u306e\u8a2d\u5b9a<\/a>
          \n          6.4 \u30ea\u30af\u30a8\u30b9\u30c8\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306e\u4f5c\u6210<\/a>
          \n          6.5 JWS\u4ed8\u304d\u306e\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u4f5c\u6210\u30fb\u9001\u4fe1<\/a>
          \n          6.6 Detached Signature<\/a>
          \n          6.7 \u30c8\u30fc\u30af\u30f3\u30ea\u30af\u30a8\u30b9\u30c8<\/a><\/li>\n<\/ol>\n
            \n
          1. \u5f8c\u66f8\u304d<\/a><\/li>\n<\/ol>\n

            2. \u6982\u8981<\/a><\/h2>\n
            \n

            shiba \u30c1\u30fc\u30e0\u306e\u4e2d\u6751\u3067\u3059\u3002\u524d\u56de\u306e\u8a18\u4e8b<\/a>\u3067\u306f Keycloak \u3067\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3092\u8a2d\u5b9a\u3057\u305f\u5f8c\u3067\u00a0Financial-grade API Security Profile 1.0 - Part 1: Baseline<\/a>\u00a0\u306e\u52d5\u304d\u3092\u78ba\u8a8d\u3057\u3066\u3044\u304d\u307e\u3057\u305f\u3002\u3057\u304b\u3057\u3001Financial-grade API Security Profile 1.0 - Part 2: Advanced<\/a>\u00a0\u306b\u5bfe\u5fdc\u3059\u308b\u4e8b\u306f\u884c\u3063\u3066\u3044\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u305d\u3053\u3067\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f\u00a0Financial-grade API Security Profile 1.0 - Part 2: Advanced<\/a>\u00a0\u3078\u5bfe\u5fdc\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n

            \u307e\u305f\u3001\u4eca\u56de\u3082\u4e00\u7dd2\u306b\u691c\u8a3c\u3057\u3066\u3044\u304f\u3088\u3046\u306b\u767a\u751f\u3057\u305d\u3046\u306a\u30a8\u30e9\u30fc\u3092\u8e0f\u307f\u6f70\u3057\u306a\u304c\u3089\u8a66\u3057\u3066\u3044\u304d\u307e\u3059\u306e\u3067\u3001 FAPI \u3084 Keycloak \u3092\u65e2\u306b\u304a\u8a73\u3057\u3044\u65b9\u3084\u3001\u7d50\u679c\u3060\u3051\u77e5\u308a\u305f\u3044\u65b9\u306f\u9069\u6642\u8aad\u307f\u98db\u3070\u3057\u306a\u304c\u3089\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n

            2.1 \u672c\u8a18\u4e8b\u5185\u3067\u306e\u7565\u79f0\u306b\u3064\u3044\u3066<\/a><\/h3>\n
            \n

            \u672c\u8cc7\u6599\u3067\u306f\u4ee5\u964d\u306e\u8cc7\u6599\u306b\u304a\u3044\u3066\u3001\u4e0b\u8a18\u306e\u3088\u3046\u306b\u540d\u79f0\u3092\u7701\u7565\u3057\u3066\u8868\u8a18\u3057\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n
            \u540d\u79f0<\/th>\n\u7565\u79f0<\/th>\n<\/tr>\n<\/thead>\n
            Financial-grade API<\/td>\nFAPI<\/td>\n<\/tr>\n
            Financial-grade API Security Profile 1.0 - Part 1: Baseline<\/td>\nFAPI1 Baseline<\/td>\n<\/tr>\n
            Financial-grade API Security Profile 1.0 - Part 2: Advanced<\/td>\nFAPI1 Advanced<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

            2.2 \u5f53\u8a18\u4e8b\u3067\u8aac\u660e\u3059\u308b\u5185\u5bb9<\/a><\/h3>\n
            \n

            \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f\u4e3b\u306b\u4e0b\u8a18\u306e\u90e8\u5206\u306b\u3064\u3044\u3066\u89e3\u8aac\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n