SSO

SAML Response Login Fail(599) error...

fasdfasdfasd_cfeb14

2024.04.09 Views 69

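Ah... Right now, using the SAML IdP method, when a SAML Request comes in from Naver Works to our internal authentication server, I keep getting an error when I build the SAML Response and send it back...

For the Signature part, I tried converting the Private Key to PEM and registering it... I also tried creating a CER file directly from the keystore, renaming the file to PEM, and registering that...
But!!!
As soon as the NAME ID goes into the child node of Subject, it keeps failing with SAML Response Login Fail(599)... and there is no way to find out how this error comes about, so it is really hard...
It says to register the NAME ID as the External Key... I tried that, and I tried Email as well...
I am sure I matched everything to the SAML IdP guide... but the same error keeps occurring...
Does anyone happen to know?
SAML Response XML contents: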
<?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://auth.worksmobile.com/acs/clive-translate.co.kr" ID="a5a1f93796604e818b18106cf75ad390" InResponseTo="gdafgjeeiahklophbanbhkjompdmofaokegojffn" IssueInstant="2024-04-09T11:41:19.890Z" Version="2.0">
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       
       <ds:SignedInfo>
           
           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
           
           <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
           
           <ds:Reference URI="#a5a1f93796604e818b18106cf75ad390">
               
               <ds:Transforms>
                   
                   <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                   
                   <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                   
               </ds:Transforms>
               
               <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
               
               <ds:DigestValue>K6OC6nPgDs6P5C94iUk4TSwoLXgWnh77LSL92DYmNJ0=</ds:DigestValue>
               
           </ds:Reference>
           
       </ds:SignedInfo>
       
       <ds:SignatureValue>
S3AiYI/yIbGPTcRNMKPu1EU3E8rtZKvimzD/T/FJAuwEuFwYtVFFpfjIhWX11KiMvxf0p/kthqai&#13;
jPMqGZcEvBVOeEw7RVcdV56zOesPIq1OiRzsxrTCJv681zbfn/IQrfXrLz66yDt0/IUTX8KbmWC0&#13;
IDpJt1HW8eBSF86wgkk=
</ds:SignatureValue>
       
   </ds:Signature>
   <saml2p:Status>
       <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>
   </saml2p:Status>
   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="38553347452648518a514992a682f447" IssueInstant="2024-04-09T11:41:19.890Z" Version="2.0">
       <saml2:Subject>
           <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">AAAA</saml2:NameID>
           <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
               <saml2:SubjectConfirmationData InResponseTo="gdafgjeeiahklophbanbhkjompdmofaokegojffn" NotOnOrAfter="2024-04-09T11:46:19.890Z" Recipient="https://auth.worksmobile.com/acs/clive-translate.co.kr"/>
           </saml2:SubjectConfirmation>
       </saml2:Subject>
       <saml2:Conditions NotBefore="2024-04-09T11:41:19.890Z" NotOnOrAfter="2024-04-09T11:46:19.890Z">
           <saml2:AudienceRestriction>
               <saml2:Audience>https://auth.worksmobile.com/acs/clive-translate.co.kr</saml2:Audience>
           </saml2:AudienceRestriction>
       </saml2:Conditions>
       <saml2:AuthnStatement AuthnInstant="2024-04-09T11:41:19.890Z" SessionIndex="981d337f46114433b94788ba3f37f7c7" SessionNotOnOrAfter="2024-04-09T12:41:23.047Z"/>
   </saml2:Assertion>
</saml2p:Response>
Encoded SAML Response contents:
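A structural lint over a SAML Response of the shape posted above, flagging fields that SAML 2.0 service providers commonly validate: the status code, the Issuer elements, the signature reference and algorithm, and Recipient/InResponseTo consistency. This is an added example, not part of the original post or of NAVER WORKS' own code; `lint_saml_response`, the finding labels and the `sp.example` sample are assumptions constructed for illustration, and it neither verifies the signature nor decodes what error 599 means.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample with the same shape as the posted response (placeholder IDs and URLs).
SAMPLE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Destination="https://sp.example/acs" ID="r1" InResponseTo="req1">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#r1"/>
  </ds:SignedInfo></ds:Signature>
  <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/></saml2p:Status>
  <saml2:Assertion ID="a1"><saml2:Subject>
    <saml2:NameID>AAAA</saml2:NameID>
    <saml2:SubjectConfirmation><saml2:SubjectConfirmationData InResponseTo="req1" Recipient="https://sp.example/acs"/></saml2:SubjectConfirmation>
  </saml2:Subject></saml2:Assertion>
</saml2p:Response>"""

def lint_saml_response(xml_text):
    """Lint a Response generated by your own IdP; structure only, no signature verification."""
    root = ET.fromstring(xml_text)
    findings = []
    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        findings.append("status-not-success")        # an SP will not log the user in
    if root.find("a:Issuer", NS) is None:
        findings.append("response-issuer-missing")   # required by the Web Browser SSO profile
    ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is not None and ref.get("URI") != "#" + root.get("ID", ""):
        findings.append("signature-reference-mismatch")
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is not None and method.get("Algorithm", "").endswith("rsa-sha1"):
        findings.append("signature-uses-sha1")       # SHA-1 signatures are deprecated
    for assertion in root.findall("a:Assertion", NS):
        if assertion.find("a:Issuer", NS) is None:
            findings.append("assertion-issuer-missing")  # Issuer is mandatory in an Assertion
        for scd in assertion.iterfind("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS):
            if scd.get("Recipient") != root.get("Destination"):
                findings.append("recipient-destination-mismatch")
            if scd.get("InResponseTo") != root.get("InResponseTo"):
                findings.append("inresponseto-mismatch")
    return findings
```
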
