Completed 401 Unauthorized in 119ms

Time: 2017-03-14 12:02:54

Tags: ruby-on-rails ruby devise single-sign-on saml

I am using the devise_saml_authenticatable gem in my Rails application to integrate it with an external SSO. I have configured my application, but I get Completed 401 Unauthorized in 119ms from the devise/saml_sessions controller.

My config/initializers/devise.rb

config.saml_create_user = true
config.saml_update_user = true
config.saml_default_user_key = :email
config.saml_session_index_key = :session_index
config.saml_use_subject = true
config.idp_settings_adapter = CidpSettingsAdapter

IdP settings adapter

class CidpSettingsAdapter
  def self.settings(idp_entity_id)
    {
      issuer: 'https://devidentity.greenfence.com/users/saml/metadata',
      assertion_consumer_service_url: 'https://devidentity.greenfence.com/saml/consume',
      assertion_consumer_service_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      #assertion_consumer_logout_service_url: 'https://devidentity.greenfence.com/users/saml/sign_out',
      idp_entity_id: 'https://cargill.identitynow.com',
      authn_context: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
      name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
      idp_sso_target_url: 'https://prd02-useast1-sso.identitynow.com/sso/SSOPOST/metaAlias/cargill/idp',
      idp_slo_target_url: 'https://prd02-useast1-sso.identitynow.com/sso/IDPSloPOST/metaAlias/cargill/idp',
      security: {
        authn_requests_signed: false,
        logout_requests_signed: false,
        logout_responses_signed: false,
        metadata_signed: false,
        digest_method: XMLSecurity::Document::SHA1,
        signature_method: XMLSecurity::Document::RSA_SHA1
      },
      idp_cert: <<-CERT.chomp
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
      CERT
    }
  end
end

My config/routes.rb

  devise_scope :user do
    get 'users/sign_out', to: 'devise/sessions#destroy'
    get 'users/submit_verification_code', to: 'aws_cognito#submit_verification_code'
    get 'users/request_verification_code', to: 'aws_cognito#request_verification_code'

    scope 'users', controller: 'saml_sessions' do
      get :new, path: 'saml/sign_in', as: :new_user_saml_session
      post :create, path: 'saml/auth', as: :user_saml_session
      get :destroy, path: 'saml/sign_out', as: :destroy_user_saml_session
      get :metadata, path: 'saml/metadata', as: :metadata_user_saml_session
      match :idp_sign_out, path: 'saml/idp_sign_out', via: [:get, :post]
      get :sso_dashboard
    end
    post '/saml/consume' => 'saml_sessions#create'
  end

1 Answer:

Answer 0: (score: 0)

Solved the problem by providing the correct issuer name in CidpSettingsAdapter.
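
The answer points at the `issuer` value. As an added example (not part of the original post or of the gem), the Ruby helper below compares the `Audience`, `Destination` and `Recipient` values in a captured SAMLResponse with the SP settings, because ruby-saml, which devise_saml_authenticatable builds on, rejects a response whose audience does not match the configured issuer. The helper name, the `sp.example.test` URLs and the sample response are constructed for illustration.

```ruby
require 'rexml/document'

SAML_NS = { 'saml' => 'urn:oasis:names:tc:SAML:2.0:assertion' }.freeze

# Hypothetical diagnostic helper: it verifies no signature and must not replace
# the gem's own validation. Returns a list of SP-side mismatch messages.
def saml_sp_mismatches(saml_response_b64, settings)
  doc = REXML::Document.new(saml_response_b64.unpack1('m')) # base64-decode
  audiences = REXML::XPath.match(doc, '//saml:Audience', SAML_NS)
                          .map { |node| node.text.to_s.strip }
  recipients = REXML::XPath.match(doc, '//saml:SubjectConfirmationData', SAML_NS)
                           .map { |node| node.attributes['Recipient'] }.compact
  acs = settings[:assertion_consumer_service_url]
  problems = []
  unless audiences.empty? || audiences.include?(settings[:issuer])
    problems << "Audience #{audiences.inspect} does not contain issuer #{settings[:issuer].inspect}"
  end
  destination = doc.root.attributes['Destination']
  problems << "Destination #{destination.inspect} is not the ACS URL" if destination && destination != acs
  recipients.each do |recipient|
    problems << "Recipient #{recipient.inspect} is not the ACS URL" unless recipient == acs
  end
  problems
end

# Constructed sample: the IdP knows the SP under one entity ID, the adapter sends another.
CONSTRUCTED_RESPONSE = [<<~XML].pack('m0')
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                  Destination="https://sp.example.test/saml/consume">
    <saml:Assertion>
      <saml:Subject>
        <saml:SubjectConfirmation>
          <saml:SubjectConfirmationData Recipient="https://sp.example.test/saml/consume"/>
        </saml:SubjectConfirmation>
      </saml:Subject>
      <saml:Conditions>
        <saml:AudienceRestriction>
          <saml:Audience>https://sp.example.test/saml/metadata</saml:Audience>
        </saml:AudienceRestriction>
      </saml:Conditions>
    </saml:Assertion>
  </samlp:Response>
XML

WRONG_SETTINGS = { issuer: 'https://sp.example.test/users/saml/metadata',
                   assertion_consumer_service_url: 'https://sp.example.test/saml/consume' }.freeze
FIXED_SETTINGS = WRONG_SETTINGS.merge(issuer: 'https://sp.example.test/saml/metadata').freeze

puts saml_sp_mismatches(CONSTRUCTED_RESPONSE, WRONG_SETTINGS)
```

Run it against the base64 `SAMLResponse` form field captured from the browser's POST to the consume URL, passing the same hash the settings adapter returns.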