Rails 애플리케이션에 devise_saml_authenticatable gem을 사용하여 외부 SSO를 통합하고 애플리케이션을 구성했지만, devise/saml_sessions 컨트롤러에서 `Completed 401 Unauthorized in 119ms` 응답이 발생합니다.
내 config/initializers/devise.rb
# SAML options for devise_saml_authenticatable, as described in the gem's documented
# options. Presumably these sit inside the initializer's Devise.setup block, with
# `config` being that block's parameter — the enclosing block is not shown here.

# Provision a local user on first SAML sign-in when no existing record matches.
# NOTE(review): with this enabled every identity the IdP asserts gets an account;
# confirm that is intended and that newly created users start without privileges.
config.saml_create_user = true
# Refresh the local user's attributes from the assertion on each successful sign-in.
# NOTE(review): confirm the attribute mapping cannot overwrite role or privilege
# fields with IdP-supplied values.
config.saml_update_user = true
# Model attribute used to look the user up (the email column here).
config.saml_default_user_key = :email
# Model attribute that stores the IdP session index for the signed-in user.
config.saml_session_index_key = :session_index
# Compare the lookup key against the assertion's Subject (NameID) rather than a
# mapped attribute.
# NOTE(review): CidpSettingsAdapter requests the "unspecified" NameID format, so the
# NameID has to actually carry the user's email for the :email lookup to match —
# worth checking in the decoded response when sign-in ends in 401.
config.saml_use_subject = true
# Class whose .settings(idp_entity_id) returns the SP/IdP settings hash.
config.idp_settings_adapter = CidpSettingsAdapter
IDP 설정 어댑터
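# Supplies the SAML service-provider and identity-provider settings to
# devise_saml_authenticatable (wired up through config.idp_settings_adapter).
class CidpSettingsAdapter
  # Builds the settings hash for the identity provider.
  #
  # @param idp_entity_id [String, nil] entity ID handed in by the caller. It is not
  #   consulted: the same single-IdP settings are returned whatever its value, so
  #   this adapter must not be relied on to tell identity providers apart.
  # @return [Hash] settings with symbol keys; :security is a nested hash and
  #   :idp_cert is the PEM text of the IdP signing certificate.
  def self.settings(idp_entity_id)
    {
      issuer: 'https://devidentity.greenfence.com/users/saml/metadata',
      # The IdP posts its response here; config/routes.rb maps POST /saml/consume
      # to saml_sessions#create.
      assertion_consumer_service_url: 'https://devidentity.greenfence.com/saml/consume',
      assertion_consumer_service_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      # Left disabled by the author:
      # assertion_consumer_logout_service_url: 'https://devidentity.greenfence.com/users/saml/sign_out',
      idp_entity_id: 'https://cargill.identitynow.com',
      authn_context: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
      # "unspecified" leaves the NameID content up to the IdP. The initializer sets
      # saml_use_subject = true with :email as the user key, so the NameID has to
      # be the user's email — TODO confirm against the IdP's actual response.
      name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
      idp_sso_target_url: 'https://prd02-useast1-sso.identitynow.com/sso/SSOPOST/metaAlias/cargill/idp',
      idp_slo_target_url: 'https://prd02-useast1-sso.identitynow.com/sso/IDPSloPOST/metaAlias/cargill/idp',
      security: {
        # Nothing this SP emits is signed, so the IdP cannot verify that a request
        # or logout message really came from this application.
        authn_requests_signed: false,
        logout_requests_signed: false,
        logout_responses_signed: false,
        metadata_signed: false,
        # SHA-256 instead of the original SHA-1 algorithms. These choices only take
        # effect once one of the *_signed flags above is enabled; SHA-1 is no longer
        # considered collision-resistant and should not be what signing starts with.
        # NOTE(review): confirm the IdP accepts RSA-SHA256 before enabling signing.
        digest_method: XMLSecurity::Document::SHA256,
        signature_method: XMLSecurity::Document::RSA_SHA256
      },
      # Presumably the trust anchor used to verify the IdP's signed responses. The
      # certificate body is not reproduced in this listing; it must match the IdP's
      # current signing certificate exactly.
      idp_cert: <<~CERT.chomp
        -----BEGIN CERTIFICATE-----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=
        -----END CERTIFICATE-----
      CERT
    }
  end
end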
내 config/routes.rb
# Hand-written session and SAML routes for the :user Devise mapping.
devise_scope :user do
  # NOTE(review): sign-out is reachable with a plain GET, so any cross-site link or
  # embedded resource can end a user's session; a DELETE or POST route would keep
  # it behind the CSRF token check.
  get 'users/sign_out', to: 'devise/sessions#destroy'
  get 'users/submit_verification_code', to: 'aws_cognito#submit_verification_code'
  get 'users/request_verification_code', to: 'aws_cognito#request_verification_code'

  # SAML endpoints under /users, all routed to the 'saml_sessions' controller.
  # NOTE(review): the failing request in the question is logged against
  # devise/saml_sessions; confirm which controller 'saml_sessions' resolves to here
  # and whether another route declaration is handling the request instead.
  scope 'users', controller: 'saml_sessions' do
    get :new, path: 'saml/sign_in', as: :new_user_saml_session
    post :create, path: 'saml/auth', as: :user_saml_session
    get :destroy, path: 'saml/sign_out', as: :destroy_user_saml_session
    get :metadata, path: 'saml/metadata', as: :metadata_user_saml_session
    match :idp_sign_out, path: 'saml/idp_sign_out', via: %i[get post]
    get :sso_dashboard
  end

  # Assertion consumer endpoint: the same path as the
  # assertion_consumer_service_url configured in CidpSettingsAdapter.
  post '/saml/consume', to: 'saml_sessions#create'
end