如何让 Shiny-server 使用 Azure Active Directory [英] How do I get Shiny-server to working with Azure Active Directory

问题描述

我正在使用 Azure Webapps for Containers 来托管 R Shiny-Server.我想使用 Azure Active Directory 对登录应用的用户进行身份验证和授权.

I am using Azure Webapps for Containers to host an R Shiny-Server. I want to use Azure Active Directory to authenticate and authorize the user logging into the app.

我正在使用来自 dockerhub 的 rocker/shiny 映像，并且该映像可以轻松构建和运行.但是，当我打开 Active Directory 时，该应用程序不再工作.任何关于可能出错的提示和线索都会有很大帮助.

I am using the rocker/shiny image from dockerhub and the image builds and run easily. However, when I am turning on Active Directory the app does not work anymore. Any hints and clues on what might be wrong would be of great help.

推荐答案

我遇到了同样的空"页面问题，因为浏览器加载静态文件在激活 AD 身份验证时返回 HTTP 400.我在最新版本的 Shiny 服务器 (v1.5.12.933) 和 Shiny (1.4.0) 上的 Azure App Services 上的 docker 容器中有一个 Shiny 应用程序.

I got the same problem of an "empty" page, because loading of static files by the browser returned HTTP 400 when activating AD authentication. I have a Shiny app in a docker container on Azure App Services on the latest version of Shiny server (v1.5.12.933) and Shiny (1.4.0).

这意味着这里描述的问题 https://community.rstudio.com/t/shiny-v1-3-known-regressions-and-serious-issues/28180/4 我首先怀疑这不是原因.

This means the problem described here https://community.rstudio.com/t/shiny-v1-3-known-regressions-and-serious-issues/28180/4 which I suspected first is not the reason.

没有 AD 身份验证页面可以正确显示.负责 AD 身份验证的 Azure 代理会注入一些 HTTP 标头和 cookie.我通过 tcpflow -p -c -i eth0 port 3838 检查了服务器端的完整 HTTP 请求，并查看了负责 HTTP 的底层 R 库 httpuv连接到 Shiny 服务器.

w/o AD authentication the page is displayed correctly. The Azure proxy responsible for AD authentication injects some HTTP headers and cookies. I inspected the full HTTP request on server side via tcpflow -p -c -i eth0 port 3838 and had a look at the underlying R library httpuv which is responsible for the HTTP connection to the Shiny server.

在搜索此库中返回 HTTP 400 代码的位置时，我发现https://github.com/rstudio/httpuv/blob/master/src/webapplication.cpp和下面的代码片段

When searching where in this library HTTP 400 codes are returned I found https://github.com/rstudio/httpuv/blob/master/src/webapplication.cpp and the following code snippet

// Make sure that there's no message body.
  if (pRequest->hasHeader("Content-Length") || pRequest->hasHeader("Transfer-Encoding")) {
    return error_response(pRequest, 400);
  }

虽然到达服务器的请求具有标头 Content-Length: 0，但如果 AD 身份验证关闭，则该标头不存在.

while the request arriving at the server had the header Content-Length: 0 which is not present if AD authentication is turned off.

我为 httpuv 创建了修复和 PR，请参阅问题 https://github.com/rstudio/httpuv/issues/247.

I created a fix and PR for httpuv, see issue https://github.com/rstudio/httpuv/issues/247.

只要没有合并到他们的仓库中，你就可以使用它.

You can use it as long as it is not merged into their repo.

快跑

R -e 'library(devtools);install_github("LHaferkamp/httpuv")'

在你的 Dockerfile 中

in your Dockerfile

这篇关于如何让 Shiny-server 使用 Azure Active Directory的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！