λ€μ μλ ! SAMLμ μ¬μ©νμ¬ μ± κ°λ°μ μ§ννλ©΄μ νμ΄ μΌμ μκ° λμ μ΄λ € μλ κ²½μ°μλ§ λ°μνλ κ²μΌλ‘ 보μ΄λ μΈμ¦ λ¬Έμ λ₯Ό λ°κ²¬νμ΅λλ€(λ¬Έμ λ₯Ό μΌμΌν€λ μ νν μκ° λ²μλ₯Ό νμ νμ§ λͺ»ν¨). κ·Έλ° λ€μ μ¬μ©μλ νμ μλ‘ κ³ μΉ©λλ€(μ΄ μμ μμ μ μ°½μ΄ νΈλ¦¬κ±°νλμ§ νμ€νμ§ μμ). μ΄ λΉνμ± μκ°μ΄ μ§λλ©΄ ShinyProxyκ° μ¬μΈμ¦μ μλνκ³ μ΄λ€ μ΄μ λ‘ μ€ν¨νλ κ²μΌλ‘ 보μ λλ€. λ΄κ° μ°Ύμ μ μΌν ν΄κ²°μ± μ IdP(auth.company.com)μ λν λΈλΌμ°μ μμ μ¬μ΄νΈ λ°μ΄ν°λ₯Ό μ§μ°λ κ²μ λλ€. μμ μ΄ μλ£λλ©΄ μμλλ‘ μλν©λλ€.
μ΄ κ²½μ° ShinyProxyλ μ°μμΌλ‘ μ¬λ¬ λ² μΈμ¦μ μλνμ§λ§(URL νμμ€μμ λ§μ SAML 리λλ μ μ½λ°±μ λ³Ό μ μμ) κ²°κ΅ μ€ν¨νκ³ http://my.company.com/app/samlμ λ€νν©λλ€
μλ² λ‘κ·Έμ λ€μμ΄ νμλ©λλ€.
shinyproxy-server_1 | 2021-02-15 04:00:11.531 INFO 1 --- [ XNIO-1 task-4] o.s.security.saml.log.SAMLDefaultLogger : AuthNRequest;SUCCESS;XXX.XX.XX.XXX;https://my.company.com/app;http://auth.company.com/adfs/services/trust;;;
shinyproxy-server_1 | 2021-02-15 04:00:11.608 INFO 1 --- [ XNIO-1 task-4] colMessageXMLSignatureSecurityPolicyRule : Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}Response
shinyproxy-server_1 | 2021-02-15 04:00:11.609 INFO 1 --- [ XNIO-1 task-4] o.s.security.saml.log.SAMLDefaultLogger : AuthNResponse;FAILURE;XXX.XX.XX.XXX;https://my.company.com/app;http://auth.company.com/adfs/services/trust;;;org.springframework.security.saml.SAMLStatusException: Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is null
λκ° μ΄μν κ²μ 첫 λ²μ§Έ μΈμ¦ μλκ° μ±κ³΅ν κ²μ²λΌ 보μ΄μ§λ§ ShinyProxyκ° μ΄λ€ μ΄μ λ‘ κ·Έκ²μ μ’μνμ§ μκ³ λ€μ μλνλ€λ κ²μ λλ€.
μ 체 μ€λ₯ μμΆμ :
~Shinyproxy-server_1 | org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:88)μμShinyproxy-server_1 | org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:219)Shinyproxy-server_1 | sun.reflect.GeneratedMethodAccessor63.invokeμμ(μ μ μλ μμ€)Shinyproxy-server_1 | java.lang.reflect.Method.invoke(Method.java:498)μμShinyproxy-server_1 | org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:205)Shinyproxy-server_1 | org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:92)Shinyproxy-server_1 | org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)Shinyproxy-server_1 | org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)Shinyproxy-server_1 | org.springframework.security.web.authenticationμμ. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)Shinyproxy-server_1 | org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)Shinyproxy-server_1 | org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)Shinyproxy-server_1 | org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117)Shinyproxy-server_1 | org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)Shinyproxy-server_1 | org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)Shinyproxy-server_1 | org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)Shinyproxy-server_1 | org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)Shinyproxy-server_1 | org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)Shinyproxy-server_1 | org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)Shinyproxy-server_1 | org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)Shinyproxy-server_1 | org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)Shinyproxy-server_1 | io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)Shinyproxy-server_1 | org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)Shinyproxy-server_1 | io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)Shinyproxy-server_1 | org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:93)Shinyproxy-server_1 | io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)Shinyproxy-server_1 | org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)Shinyproxy-server_1 | io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)Shinyproxy-server_1 | io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)Shinyproxy-server_1 | io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)Shinyproxy-server_1 | io.undertow.server.handlers.PathHandler.handleRequest(PathHandler.java:91)Shinyproxy-server_1 | io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)Shinyproxy-server_1 | io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)Shinyproxy-server_1 | io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)Shinyproxy-server_1 | io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)Shinyproxy-server_1 | io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)Shinyproxy-server_1 | io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)Shinyproxy-server_1 | io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)Shinyproxy-server_1 | io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)Shinyproxy-server_1 | io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)Shinyproxy-server_1 | io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)Shinyproxy-server_1 | io.undertow.server.Connectors.executeRootHandler(Connectors.java:370)Shinyproxy-server_1 | org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)μμShinyproxy-server_1 | org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558)Shinyproxy-server_1 | java.lang.Thread.run(Thread.java:748)μμ~
κ°λ¨ν ν΄κ²°μ± μ "λ‘κ·Έμμ" λ²νΌμ ν΄λ¦νλ κ²μ΄μ§λ§ ν΄λΉ λ²νΌμ SAML μ€λ₯ νλ©΄μ νμλμ§ μμ΅λλ€. μμ² μ λ°μνλλ‘ ν μ μκΈ° λλ¬Έμ λλ²κ·ΈνκΈ°κ° μ΄λ ΅μ΅λλ€. λ΄ IdP μ§μ λ΄λΉμμ λ°λ₯΄λ©΄ ADFSλ μ€μ λ‘ μ΄ νλ‘μΈμ€κ° μμλ λ μ ν¨ν ν ν°μ λ°κΈνλ―λ‘ ShinyProxyκ° μμ νλ ν ν°μ μ²λ¦¬νλ λ°©μμ λ‘컬 λ¬Έμ μΈ κ² κ°μ΅λλ€. λΈλΌμ°μ νμ΄ λ«νμ§ μμκΈ° λλ¬Έμ μλ§λ λ‘κ·ΈμΈ μΏ ν€κ° λ§λ£λμ΄ μ¬λ°λ₯΄κ² κ°±μ λμ§ μμμ κ²μ λλ€. νμ§λ§ μ κ° λ¬΄μ¨ λ§μ νλμ§ μ λͺ¨λ₯΄κ² μ΅λλ€.
μ€λ₯κ° λ€μ λ°μνλ©΄ μ’ λ μ μ©ν μ 보λ₯Ό κ°μ§κ³ λμμ¬ κ²μ λλ€. νμ§λ§ λκ΅°κ° μ΄κ²μ λ³΄κ³ μμ νλ λ°©λ²μ λν μμ΄λμ΄κ° μλμ§ κΆκΈνμ΅λλ€.
SHA-1κ³Ό SHA-256 μλͺ μκ³ λ¦¬μ¦ μ¬μ΄μ λΆμΌμΉλ₯Ό λνλ΄λ μ μ¬ν μ€λ₯ λ©μμ§λ₯Ό κ°λ¦¬ν€λ λ€μ λ¬Έμ λ₯Ό λ°κ²¬νμ΅λλ€. νμ§λ§ μ€λ κΈ°κ° μ¬μ©νμ§ μμΌλ©΄ κ°νμ μΌλ‘ μ€ν¨νλ―λ‘ μ΄κ²μ΄ λ΄ λ¬Έμ λΌκ³ μκ°νμ§ μμ΅λλ€.
νμ μ‘°μΉλ‘ μ±μ SAML λΆλΆμ DEBUG
μμ€ λ‘κΉ
μΌλ‘ μ€μ νμΌλ©° μ΄λ¬ν μκ° μ΄κ³Ό μ΄λ²€νΈ μ€ νλμμ λ€μμ νμΈνμ΅λλ€.
shinyproxy-server_1 | 2021-02-15 21:03:14.050 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.s.context.SAMLContextProviderImpl : No IDP specified, using default http://auth.company.com/adfs/services/trust
shinyproxy-server_1 | 2021-02-15 21:03:14.050 DEBUG 1 --- [ XNIO-1 task-2] o.s.security.saml.util.SAMLUtil : Index for AssertionConsumerService not specified, returning default
shinyproxy-server_1 | 2021-02-15 21:03:14.051 DEBUG 1 --- [ XNIO-1 task-2] o.s.security.saml.SAMLEntryPoint : Processing SSO using WebSSO profile
shinyproxy-server_1 | 2021-02-15 21:03:14.051 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.saml.websso.WebSSOProfileImpl : Using default consumer service with binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
shinyproxy-server_1 | 2021-02-15 21:03:14.052 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.saml.storage.HttpSessionStorage : Storing message a17g5ahbxxxxxxxxxxx454jj to session hxxxxxxJ_E8xxxxxxxxHP_TwIxxxxxxxH
shinyproxy-server_1 | 2021-02-15 21:03:14.053 INFO 1 --- [ XNIO-1 task-2] o.s.security.saml.log.SAMLDefaultLogger : AuthNRequest;SUCCESS;XXX.XX.XXX.XX;https://my.company.com/app;http://auth.company.com/adfs/services/trust;;;
shinyproxy-server_1 | 2021-02-15 21:03:14.805 DEBUG 1 --- [ XNIO-1 task-2] o.s.security.saml.SAMLProcessingFilter : Request is to process authentication
shinyproxy-server_1 | 2021-02-15 21:03:14.806 DEBUG 1 --- [ XNIO-1 task-2] o.s.security.saml.SAMLProcessingFilter : Attempting SAML2 authentication using profile urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser
shinyproxy-server_1 | 2021-02-15 21:03:14.811 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.saml.processor.SAMLProcessorImpl : Retrieving message using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
shinyproxy-server_1 | 2021-02-15 21:03:14.816 INFO 1 --- [ XNIO-1 task-2] colMessageXMLSignatureSecurityPolicyRule : SAML protocol message was not signed, skipping XML signature processing
shinyproxy-server_1 | 2021-02-15 21:03:14.816 DEBUG 1 --- [ XNIO-1 task-2] o.s.security.saml.util.SAMLUtil : Found endpoint org.opensaml.saml2.metadata.impl.AssertionConsumerServiceImpl<strong i="7">@6531c789</strong> for request URL https://my.company.com/app/saml/SSO based on location attribute in metadata
shinyproxy-server_1 | 2021-02-15 21:03:14.816 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.saml.storage.HttpSessionStorage : Message a17g5ahb0gieeh9b4e48ff6a3d454jj found in session hXmYJ_E8wf6F2plFsHP_TwIZS1Cg6n2Vu4wD4i2H, clearing
shinyproxy-server_1 | 2021-02-15 21:03:14.817 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.s.w.WebSSOProfileConsumerImpl : Verifying issuer of the Response
shinyproxy-server_1 | 2021-02-15 21:03:14.817 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.s.w.WebSSOProfileConsumerImpl : Verifying signature
shinyproxy-server_1 | 2021-02-15 21:03:14.820 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.s.t.MetadataCredentialResolver : Added 1 credentials resolved from metadata of entity http://auth.company.com/adfs/services/trust
shinyproxy-server_1 | 2021-02-15 21:03:14.826 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.s.w.WebSSOProfileConsumerImpl : Processing Bearer subject confirmation
shinyproxy-server_1 | 2021-02-15 21:03:14.836 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.s.w.WebSSOProfileConsumerImpl : Validation of authentication statement in assertion failed, skipping
shinyproxy-server_1 | org.springframework.security.authentication.CredentialsExpiredException: Authentication statement is too old to be used with value 2021-02-15T15:51:35.161Z
...
shinyproxy-server_1 | 2021-02-15 21:03:14.839 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.saml.SAMLAuthenticationProvider : Error validating SAML message
shinyproxy-server_1 |
shinyproxy-server_1 | org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
...
shinyproxy-server_1 |
shinyproxy-server_1 | 2021-02-15 21:03:14.841 INFO 1 --- [ XNIO-1 task-2] o.s.security.saml.log.SAMLDefaultLogger : AuthNResponse;FAILURE;XXX.XX.XXX.XX;https://my.company.com/app;http://auth.company.com/adfs/services/trust;;;org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
shinyproxy-server_1 | at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:265)
...
shinyproxy-server_1 |
shinyproxy-server_1 | 2021-02-15 21:03:14.842 INFO 1 --- [ XNIO-1 task-2] e.o.containerproxy.service.UserService : Authentication failure [user: ] [error: Error validating SAML message]
shinyproxy-server_1 | 2021-02-15 21:03:14.848 DEBUG 1 --- [ XNIO-1 task-2] o.s.security.saml.SAMLProcessingFilter : Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: Error validating SAML message
shinyproxy-server_1 |
shinyproxy-server_1 | org.springframework.security.authentication.AuthenticationServiceException: Error validating SAML message
...
shinyproxy-server_1 |
shinyproxy-server_1 | 2021-02-15 21:03:14.849 DEBUG 1 --- [ XNIO-1 task-2] o.s.security.saml.SAMLProcessingFilter : Updated SecurityContextHolder to contain null Authentication
shinyproxy-server_1 | 2021-02-15 21:03:14.849 DEBUG 1 --- [ XNIO-1 task-2] o.s.security.saml.SAMLProcessingFilter : Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler<strong i="8">@19dec0b4</strong>
shinyproxy-server_1 | 2021-02-15 21:03:14.858 ERROR 1 --- [ XNIO-1 task-2] org.thymeleaf.TemplateEngine : [THYMELEAF][XNIO-1 task-2] Exception processing template "/": Error resolving template [/], template might not exist or might not be accessible by any of the configured Template Resolvers
shinyproxy-server_1 | org.thymeleaf.exceptions.TemplateInputException: Error resolving template [/], template might not exist or might not be accessible by any of the configured Template Resolvers
...
shinyproxy-server_1 |
shinyproxy-server_1 | 2021-02-15 21:03:14.861 ERROR 1 --- [ XNIO-1 task-2] io.undertow.request : UT005023: Exception handling request to /app/error
shinyproxy-server_1 |
shinyproxy-server_1 | org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.thymeleaf.exceptions.TemplateInputException: Error resolving template [/], template might not exist or might not be accessible by any of the configured Template Resolvers
μ΄ μνμ€λ ShinyProxyκ° ν¬κΈ°νκ³ μμ κ°μ΄ μΌλ°μ μΈ springboot μ€λ₯ νμ΄μ§λ‘ λ€ννκΈ° μ μ μ½ 2μ΄ λμ 7λ² λ°λ³΅λ©λλ€. λ κ°μ§ κΆκΈμ¦:
1) org.springframework.security.authentication.CredentialsExpiredException: Authentication statement is too old to be used with value 2021-02-15T15:51:35.161Z
-- μ΄κ²μ΄ λ¬Έμ μ κ·Όλ³ΈμΈ κ² κ°μ§λ§ μ΄κ²μ΄ IdP μΈ‘μ λ¬Έμ μΈμ§ ShinyProxy μΈ‘μ λ¬Έμ μΈμ§ νμ€νμ§ μμ΅λλ€.
2) 2021-02-15 21:03:14.861 ERROR 1 --- [ XNIO-1 task-2] io.undertow.request : UT005023: Exception handling request to /app/error
-- λ΄ μ€λ₯ ν
νλ¦Ώμ΄ μ λλ‘ λ‘λλμ§ μλ κ² κ°μ΅λλ€. κ·Έλ λ€λ©΄ μ¬μ©μκ° μΈμ
μ μ¬μ€μ νκΈ° μν΄ ν΄λ¦ν μ μλ "λ‘κ·Έμμ" νμ΄μ§μ λν λ§ν¬λ₯Ό λ£μ μ μλ€κ³ μκ°ν©λλ€.
μ΄λ€ μμ΄λμ΄?
κ΄λ ¨λ λ§ν¬λ€:
1) https://stackoverflow.com/questions/48289763/spring-security-infinite-loop-after-initial-login-and-timeout
2) https://stackoverflow.com/questions/30528636/idp-initiated-saml-login-error-authentication-statement-is-too-old-to-be-used
λ§ν¬ 2λ λͺ κ°μ§ μ루μ
μ μ μν©λλ€. (1) maxAuthenticationAge
λ₯Ό ADFSμ μλͺ
μ λ§μΆκ±°λ (2) forceAuthN
λ₯Ό trueλ‘ μ€μ ν©λλ€.
ShinyProxy κ΅¬μ± λ΄μμ μ΄κ²μ΄ κ°λ₯ν©λκΉ, μλλ©΄ μ΄μ νμν μ¬μ©μ μ μ λΉλλ₯Ό μ°Ύκ³ μμ΅λκΉ?
μλ νμΈμ @jat255
κ·νμ κ΄λ²μν λ³΄κ³ μμ μ°κ΅¬μ κ°μ¬λ립λλ€! μ΄κ²μ μ°μ°μ μΌμΉμ λλ€. μ°λ¦¬ λ°°ν¬μμλ λκ°μ λ¬Έμ λ₯Ό κ²½ννμ΅λλ€. μ΄μ λλ λΉμ κ³Ό κ°μ μ루μ μ μ°Ύμμ΅λλ€. ν μ€νΈ λ§νλ©΄λ©λλ€. :)
forceAuthN
μ΅μ
μ μ€μ νλ©΄ μ€μ λ‘ λ¬Έμ κ° ν΄κ²°λ©λλ€. μ΄κ²μ μ μΌν λ¨μ μ μ¬μ©μκ° μ 체 μ격 μ¦λͺ
μ λ€μ μ 곡ν΄μΌ νλ€λ κ²μ
λλ€. λ°λ©΄ ADFSλ μ¬μ©μμ μ격 μ¦λͺ
μ΄ μ¬μ ν "μΆ©λΆν μ΅μ μν"λΌκ³ λ―Ώμ΅λλ€. λν μ 곡ν λ§ν¬μμ μΌλΆ IDPκ° μ΄ μ΅μ
(μ: google)μ 무μνλ κ²μΌλ‘ 보μ
λλ€. saml ꡬμ±μμ μ§μ νμ¬ forceAuthN
λ₯Ό νμ±νν μ μμ΅λλ€.
proxy:
saml:
idp-metadata-url: ...
....
force-authn: true
μ΄ μ΅μ μ μμ§ μ ν¬ μΉμ¬μ΄νΈμ λ¬Έμνλμ΄ μμ§ μμ΅λλ€. μ κ° μ²λ¦¬νκ² μ΅λλ€.
maxAuthenticationAge
μ΅μ
μ μ§μ νλ κ²μ ShinyProxyμμ μμ§ κ΅¬νλμ§ μμμ΅λλ€. κ·Έλ¬λ μ΄ μ΅μ
(μ: googleμ IDPλ‘ μ¬μ©)μμ κ°μ 보μμΌλ―λ‘ μ΄μ λν μ΅μ
μ ꡬννκ² μ΅λλ€.
λν CredentialsExpiredException
κ²½μ° λ μ μ©ν λμμ μ 곡νλλ‘ λ
Έλ ₯νκ² μ΅λλ€.
@LEDfan κ·νμ μ μν λ΅λ³κ³Ό μ루μ
μ κ°μ¬λ립λλ€! ν΄λΉ λ³κ²½ μ¬νμ ꡬννμ§λ§ μ΄μ μλνλμ§ νμΈνλ €λ©΄ 24μκ°μ κΈ°λ€λ €μΌ ν©λλ€.smirk: μ μ΄λ SAML νμ΄λ‘λμ ForceAuthn="true"
κ° νμλλ κ²μ νμΈνμΌλ―λ‘ μ΅μ
μ΄ ShinyProxyμμ νμ€ν μλν©λλ€. μ.
λλΆλΆμ μ¬μ©μκ° μλ ββWindows μ격 μ¦λͺ
κ΄λ¦¬μ μ°κ²°λ μν°νλΌμ΄μ¦ μΈμ¦μ μ¬μ©νλ―λ‘ forceAuthN
μ΅μ
μ΄ μ¬μ©μμκ² λ무 μ΄λ ΅μ§ μμ κ²μ΄λΌκ³ μκ°ν©λλ€. λ°λΌμ μ‘μΈμ€νκΈ° μν΄ μνΈλ₯Ό μ
λ ₯ν νμκ° μμ΅λλ€. SAMLλ‘ λ³΄νΈλλ 리μμ€. μ°λ¦¬μ κ²½μ°μ ν¨κ³Όκ° μμλμ§ μλ €λ리기 μν΄ λ©°μΉ νμ μ¬κΈ°μ λ€μ λ³΄κ³ νκ² μ΅λλ€.
μ΄κ²μ μ§λ λ©°μΉ λμ μλνλ κ² κ°μΌλ―λ‘(λ€μ μ€λ₯λ₯Ό λ³Έ μ μ΄ μμ) κ³μν΄μ μ΄κ²μ λ«κ² μ΅λλ€. λ€μ νλ² κ°μ¬ν©λλ€!