Independent claim |
1. A network traffic monitoring system for redirecting network traffic between a client device and a cloud service, the system comprising:
a monitor proxy server configured as a network intermediary between the client device and a federated identity provider and between the client device and the cloud service,
the monitor proxy server being designated by the cloud service to receive a redirected login request, the redirected login request being a login request originated from the client device and destined for the cloud service for accessing the cloud service, the login request being redirected by the cloud service to the monitor proxy server as the redirected login request wherein the redirected login request identifies the cloud service,
the monitor proxy server being configured to provide, on behalf of the client device, a login credential including a password of the client device to the federated identity provider in response to the client device being redirected to the monitor proxy server by the cloud service and to receive from the federated identity provider a redirect response including an identity assertion or token generated by the federated identity provider upon user authentication, the redirect response containing a redirect web address to the cloud service,
the monitor proxy server being configured to rewrite the redirect web address to the web address of the monitor proxy server,
the monitor proxy server further being configured to rewrite a response web address in network communications between the cloud service and the client device to the web address of the monitor proxy server,
wherein network traffic between the cloud service and the client device is routed through the monitor proxy server after user authentication by the federated identity provider. |