2017-03-14 1 views

Rails 애플리케이션에서 devise_saml_authenticatable gem을 사용해 외부 SSO와 통합하도록 구성했지만, devise/saml_sessions 컨트롤러에서 `Completed 401 Unauthorized in 119ms`가 발생합니다.

내 config/initializers/devise.rb

# SAML options for devise_saml_authenticatable. This is a fragment: `config`
# is presumably the block argument of Devise.setup, which is not shown here.

# Create a local user record when a successful SAML login names a user that
# does not exist yet.
# NOTE(review): with this on, every identity the configured IdP asserts gets
# an account, so access control rests entirely on the IdP and on response
# signature validation — confirm that is intended.
config.saml_create_user = true 
# Overwrite the mapped user attributes from the assertion on each login.
# NOTE(review): make sure the attribute map does not include privilege-bearing
# fields (roles, admin flags) unless the IdP is authoritative for them.
config.saml_update_user = true 
# Model attribute used to look the user up.
config.saml_default_user_key = :email 
# Model attribute that stores the IdP session index (used for single logout).
config.saml_session_index_key = :session_index 
# Take the lookup value from the assertion's Subject/NameID instead of a mapped
# attribute; here that means NameID is matched against :email.
# NOTE(review): the lookup is only as unique and stable as the NameID the IdP
# sends — confirm the IdP really releases the e-mail address there.
config.saml_use_subject = true 
# Class whose .settings(idp_entity_id) supplies the SAML settings hash.
config.idp_settings_adapter = CidpSettingsAdapter 

IDP 설정 어댑터

# Settings adapter for devise_saml_authenticatable: returns the SAML settings
# for the service provider (this application) and the identity provider.
class CidpSettingsAdapter 
    # Builds the settings hash.
    #
    # @param idp_entity_id [String] entity ID of the IdP being used; not read
    #   by this implementation, which always returns the same single-IdP settings
    # @return [Hash] SP/IdP settings
    def self.settings(idp_entity_id) 
     { 
     # SP entity ID sent as Issuer in requests.
     # NOTE(review): must match exactly what the IdP has registered for this
     # SP; a mismatch typically fails audience validation of the response and
     # surfaces as 401 Unauthorized — confirm against the IdP configuration.
     issuer: 'https://devidentity.greenfence.com/users/saml/metadata', 
     # Where the IdP posts the SAML response; the application must route this
     # path to the SAML sessions controller's create action.
     assertion_consumer_service_url: 'https://devidentity.greenfence.com/saml/consume', 
     assertion_consumer_service_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 
     #assertion_consumer_logout_service_url: 'https://devidentity.greenfence.com/users/saml/sign_out', 
     idp_entity_id: 'https://cargill.identitynow.com', 
     authn_context: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport', 
     # NOTE(review): with nameid-format:unspecified the IdP decides what goes
     # into NameID; if users are looked up by NameID, confirm the IdP sends a
     # stable, unique value.
     name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', 
     idp_sso_target_url: 'https://prd02-useast1-sso.identitynow.com/sso/SSOPOST/metaAlias/cargill/idp', 
     idp_slo_target_url: 'https://prd02-useast1-sso.identitynow.com/sso/IDPSloPOST/metaAlias/cargill/idp', 
     # SP-side signing options. Everything this SP sends (AuthnRequest, logout
     # messages, metadata) is unsigned, so the IdP cannot verify their origin.
     # NOTE(review): the SHA-1 digest/signature methods presumably only matter
     # once signing is enabled; if it is, prefer XMLSecurity::Document::SHA256
     # and XMLSecurity::Document::RSA_SHA256 — confirm the IdP accepts them.
     security: { 
      authn_requests_signed: false, 
      logout_requests_signed: false, 
      logout_responses_signed: false, 
      metadata_signed: false, 
      digest_method: XMLSecurity::Document::SHA1, 
      signature_method: XMLSecurity::Document::RSA_SHA1 
     }, 
     # IdP public signing certificate (PEM) used to verify response signatures;
     # .chomp drops the heredoc's trailing newline.
     # NOTE(review): the PEM below looks truncated or altered (it stops right
     # after the public key, with no signature block), presumably shortened for
     # posting — an unparsable certificate would make signature validation fail.
     idp_cert: <<-CERT.chomp 
-----BEGIN CERTIFICATE----- 
MIIDQDCCAiigAwIBAgIEIZbEtDANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEOMAwGA1U 
CBMFVGV4YXMxDzANBgNVBAcTBkF1c3RpbjESMBAGA1UEChMJU2FpbFBvaW50MR4wHAYDVQQDExVw 
cmQwMi11c2Vhc3QxLWNhcmdpbGwwHhcNMTYwMTE5MDM0OTQwWhcNMjYwMTE2MDM0OTQwWjBiMQsw 
CQYDVQQGEwJVUzEOMAwGA1UECBMFVGV4YXMxDzANBgNVBAcTBkF1c3RpbjESMBAGA1UEChMJU2Fp 
bFBvaW50MR4wHAYDVQQDExVwcmQwMi11c2Vhc3QxLWNhcmdpbGwwggEiMA0GCSqGSIb3DQEBAQUA 
A4IBDwAwggEKAoIBAQCRlr1CRIYLomUqTt9Igdrs9dwSW45lLS7lRDh+7WAgIbqIRxLjDH0fJgMi 
T14i2gZD+bKyv43epVi6DG8pWrP2qjf8/U1VTr2hMnLrty5ycB9c8DSSh8YSARRIRjxUKrETp70i 
BspeMtA3+ZMEnrrz38WlU5zuctzRSr6Q75Yf96tIk1wO+EqRASiNUy+oe/+/LClvPiJLnwdUEnNY 
SXgidUvAGxgM639yD0C4cKs++zimwUBcTOgdvPbSJhpG1/CoQcrrdPt78a1RxC3MJJBVG9015SW1 
ZkQ5u5sJjFWPzvqd9POgszzc/cj9SjLnh4Y6BFbxZOqkg5Ghn9b8vaElAgMBAAEwDQYJKoZIhvcN= 
-----END CERTIFICATE----- 
     CERT 
     } 
    end 
end 

내 config/routes.rb

# Hand-written session routes for the Devise :user mapping, including the SAML
# endpoints served by the saml_sessions controller.
devise_scope :user do 
    # NOTE(review): sign-out is reachable with GET here (Devise's default is
    # DELETE); a state-changing GET is not covered by CSRF protection —
    # consider restricting the verb.
    get 'users/sign_out', to: 'devise/sessions#destroy' 
    get 'users/submit_verification_code', to: 'aws_cognito#submit_verification_code' 
    get 'users/request_verification_code', to: 'aws_cognito#request_verification_code' 

    # SAML endpoints under /users/saml/*.
    scope 'users', controller: 'saml_sessions' do 
     # Starts SP-initiated login.
     get :new, path: 'saml/sign_in', as: :new_user_saml_session 
     # Receives the SAML response posted by the IdP.
     post :create, path: 'saml/auth', as: :user_saml_session 
     get :destroy, path: 'saml/sign_out', as: :destroy_user_saml_session 
     # Publishes the SP metadata.
     get :metadata, path: 'saml/metadata', as: :metadata_user_saml_session 
     # IdP-initiated logout; accepts GET and POST.
     match :idp_sign_out, path: 'saml/idp_sign_out', via: [:get, :post] 
     get :sso_dashboard 
    end 
    # Second route to the same create action, outside the 'users' scope. Its
    # path /saml/consume matches the assertion_consumer_service_url path in the
    # settings adapter shown on this page.
    post '/saml/consume' => 'saml_sessions#create' 
    end 

답변


CidpSettingsAdapter에 올바른 issuer 이름을 지정하여 문제를 해결했습니다. issuer는 IdP에 등록된 SP 엔티티 ID와 정확히 일치해야 하며, 일치하지 않으면 SAML 응답 검증이 실패하여 401이 반환될 수 있습니다.
