feat(sso): 인앱 브라우저 SSO 토큰 릴레이 — 카톡 WebView 쿠키 미공유 해결

카카오톡 인앱 WebView는 서브도메인 간 쿠키를 공유하지 않아 tkds에서 로그인 후 tkfb로 리다이렉트 시 인증이 풀리는 문제. - sso-relay.js: URL hash의 _sso= 토큰을 로컬 쿠키+localStorage로 설정 - gateway dashboard: 로그인 후 redirect URL에 #_sso=<token> 추가 - 전 서비스 HTML: core JS 직전에 sso-relay.js 로드 (81개 파일) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 15:44:02 +09:00
parent de6d918d42
commit 0de9d5bb48
90 changed files with 398 additions and 3 deletions
--- a/gateway/html/dashboard.html
+++ b/gateway/html/dashboard.html
@@ -781,7 +781,8 @@

                var redirect = new URLSearchParams(location.search).get('redirect');
                if (redirect && isSafeRedirect(redirect)) {
-                    window.location.href = redirect;
+                    var sep = redirect.indexOf('#') === -1 ? '#' : '&';
+                    window.location.href = redirect + sep + '_sso=' + encodeURIComponent(data.access_token);
                } else {
                    window.location.href = '/dashboard';
                }
@@ -840,7 +841,8 @@
                        // Already logged in + redirect param
                        var redirect = params.get('redirect');
                        if (redirect && isSafeRedirect(redirect)) {
-                            window.location.href = redirect;
+                            var sep = redirect.indexOf('#') === -1 ? '#' : '&';
+                            window.location.href = redirect + sep + '_sso=' + encodeURIComponent(token);
                            return;
                        }

--- a/shared/frontend/sso-relay.js
+++ b/shared/frontend/sso-relay.js
@@ -0,0 +1,39 @@
+/**
+ * SSO Token Relay — 인앱 브라우저(카카오톡 등) 서브도메인 쿠키 미공유 대응
+ *
+ * Canonical source: shared/frontend/sso-relay.js
+ * 전 서비스 동일 코드 — 수정 시 아래 파일 <20><><EFBFBD>체 갱신 필요:
+ *   system1-factory/web/js/sso-relay.js
+ *   system2-report/web/js/sso-relay.js
+ *   system3-nonconformance/web/static/js/sso-relay.js
+ *   user-management/web/static/js/sso-relay.js
+ *   tkpurchase/web/static/js/sso-relay.js
+ *   tksafety/web/static/js/sso-relay.js
+ *   tksupport/web/static/js/sso-relay.js
+ *
+ * 동작: URL hash에 _sso= 파라미터가 있으면 토큰을 로컬 쿠키+localStorage에 설정하고 hash를 제거.
+ * gateway/dashboard.html에서 로그인 성공 후 redirect URL에 #_sso=<token>을 붙여 전달.
+ */
+(function() {
+  var hash = location.hash;
+  if (!hash || hash.indexOf('_sso=') === -1) return;
+
+  var match = hash.match(/[#&]_sso=([^&]*)/);
+  if (!match) return;
+
+  var token = decodeURIComponent(match[1]);
+  if (!token) return;
+
+  // 로컬(1st-party) 쿠키 설정
+  var cookie = 'sso_token=' + encodeURIComponent(token) + '; path=/; max-age=604800';
+  if (location.hostname.indexOf('technicalkorea.net') !== -1) {
+    cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
+  }
+  document.cookie = cookie;
+
+  // localStorage 폴백
+  try { localStorage.setItem('sso_token', token); } catch (e) {}
+
+  // URL에서 hash 제거
+  history.replaceState(null, '', location.pathname + location.search);
+})();
--- a/system1-factory/web/index.html
+++ b/system1-factory/web/index.html
@@ -10,6 +10,7 @@
  if('serviceWorker' in navigator){navigator.serviceWorker.getRegistrations().then(function(r){r.forEach(function(reg){reg.unregister()});})}
  if('caches' in window){caches.keys().then(function(k){k.forEach(function(key){caches.delete(key)})})}
  </script>
+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script>
    // SSO 토큰 확인
--- a/system1-factory/web/js/sso-relay.js
+++ b/system1-factory/web/js/sso-relay.js
@@ -0,0 +1,39 @@
+/**
+ * SSO Token Relay — 인앱 브라우저(카카오톡 등) 서브도메인 쿠키 미공유 대응
+ *
+ * Canonical source: shared/frontend/sso-relay.js
+ * 전 서비스 동일 코드 — 수정 시 아래 파일 <20><><EFBFBD>체 갱신 필요:
+ *   system1-factory/web/js/sso-relay.js
+ *   system2-report/web/js/sso-relay.js
+ *   system3-nonconformance/web/static/js/sso-relay.js
+ *   user-management/web/static/js/sso-relay.js
+ *   tkpurchase/web/static/js/sso-relay.js
+ *   tksafety/web/static/js/sso-relay.js
+ *   tksupport/web/static/js/sso-relay.js
+ *
+ * 동작: URL hash에 _sso= 파라미터가 있으면 토큰을 로컬 쿠키+localStorage에 설정하고 hash를 제거.
+ * gateway/dashboard.html에서 로그인 성공 후 redirect URL에 #_sso=<token>을 붙여 전달.
+ */
+(function() {
+  var hash = location.hash;
+  if (!hash || hash.indexOf('_sso=') === -1) return;
+
+  var match = hash.match(/[#&]_sso=([^&]*)/);
+  if (!match) return;
+
+  var token = decodeURIComponent(match[1]);
+  if (!token) return;
+
+  // 로컬(1st-party) 쿠키 설정
+  var cookie = 'sso_token=' + encodeURIComponent(token) + '; path=/; max-age=604800';
+  if (location.hostname.indexOf('technicalkorea.net') !== -1) {
+    cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
+  }
+  document.cookie = cookie;
+
+  // localStorage 폴백
+  try { localStorage.setItem('sso_token', token); } catch (e) {}
+
+  // URL에서 hash 제거
+  history.replaceState(null, '', location.pathname + location.search);
+})();
--- a/system1-factory/web/pages/admin/attendance-report.html
+++ b/system1-factory/web/pages/admin/attendance-report.html
@@ -190,6 +190,7 @@
        </div>
    </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/admin/equipment-detail.html
+++ b/system1-factory/web/pages/admin/equipment-detail.html
@@ -314,6 +314,7 @@
    </div>
  </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/admin/equipments.html
+++ b/system1-factory/web/pages/admin/equipments.html
@@ -190,6 +190,7 @@
    </div>
  </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/admin/purchase-analysis.html
+++ b/system1-factory/web/pages/admin/purchase-analysis.html
@@ -135,6 +135,7 @@
            </div>
        </div>
    </div>
+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/static/js/purchase-analysis.js?v=2026040103"></script>
 </body>
--- a/system1-factory/web/pages/admin/repair-management.html
+++ b/system1-factory/web/pages/admin/repair-management.html
@@ -507,6 +507,7 @@
        </div>
    </div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/api-base.js?v=2026031401"></script>
    <script>
--- a/system1-factory/web/pages/attendance/annual-overview.html
+++ b/system1-factory/web/pages/attendance/annual-overview.html
@@ -390,6 +390,7 @@
    </div>
  </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/attendance/checkin.html
+++ b/system1-factory/web/pages/attendance/checkin.html
@@ -234,6 +234,7 @@
        </div>
    </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/attendance/daily.html
+++ b/system1-factory/web/pages/attendance/daily.html
@@ -70,6 +70,7 @@
        </div>
    </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/attendance/monthly-comparison.html
+++ b/system1-factory/web/pages/attendance/monthly-comparison.html
@@ -162,6 +162,7 @@
    <!-- Toast -->
    <div id="toastContainer" class="toast-container"></div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/api-base.js?v=2026031701"></script>
    <script src="/js/monthly-comparison.js?v=2026040109"></script>
--- a/system1-factory/web/pages/attendance/monthly.html
+++ b/system1-factory/web/pages/attendance/monthly.html
@@ -489,6 +489,7 @@
    </div>
  </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/attendance/my-monthly-confirm.html
+++ b/system1-factory/web/pages/attendance/my-monthly-confirm.html
@@ -104,6 +104,7 @@
    <!-- Toast -->
    <div id="toastContainer" class="toast-container"></div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/api-base.js?v=2026031701"></script>
    <script src="/js/my-monthly-confirm.js?v=2026040106"></script>
--- a/system1-factory/web/pages/attendance/my-vacation-info.html
+++ b/system1-factory/web/pages/attendance/my-vacation-info.html
@@ -267,6 +267,7 @@
        </div>
    </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/attendance/vacation-allocation.html
+++ b/system1-factory/web/pages/attendance/vacation-allocation.html
@@ -353,6 +353,7 @@
    </div>
  </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script type="module" src="/js/vacation-allocation.js" defer></script>
--- a/system1-factory/web/pages/attendance/vacation-approval.html
+++ b/system1-factory/web/pages/attendance/vacation-approval.html
@@ -130,6 +130,7 @@
        </div>
    </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/attendance/vacation-input.html
+++ b/system1-factory/web/pages/attendance/vacation-input.html
@@ -123,6 +123,7 @@
        </div>
    </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/attendance/vacation-management.html
+++ b/system1-factory/web/pages/attendance/vacation-management.html
@@ -215,6 +215,7 @@
        </div>
    </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/attendance/vacation-request.html
+++ b/system1-factory/web/pages/attendance/vacation-request.html
@@ -117,6 +117,7 @@
        </div>
    </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/attendance/work-status.html
+++ b/system1-factory/web/pages/attendance/work-status.html
@@ -286,6 +286,7 @@
        </div>
    </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
--- a/system1-factory/web/pages/dashboard-new.html
+++ b/system1-factory/web/pages/dashboard-new.html
@@ -47,6 +47,7 @@
        </div>
    </div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/production-dashboard.js?v=2026040103"></script>
    <script src="/static/js/shared-bottom-nav.js?v=2026040103"></script>
--- a/system1-factory/web/pages/dashboard.html
+++ b/system1-factory/web/pages/dashboard.html
@@ -324,6 +324,7 @@
        </div>
    </div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/api-base.js?v=2026031401"></script>
    <script type="module" src="/js/modern-dashboard.js?v=2026031401"></script>
--- a/system1-factory/web/pages/inspection/daily-patrol.html
+++ b/system1-factory/web/pages/inspection/daily-patrol.html
@@ -209,6 +209,7 @@
      }, 50);
    })();
  </script>
+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="/js/daily-patrol.js?v=2026031401"></script>
--- a/system1-factory/web/pages/inspection/zone-detail.html
+++ b/system1-factory/web/pages/inspection/zone-detail.html
@@ -304,6 +304,7 @@
      }, 50);
    })();
  </script>
+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="/js/zone-detail.js?v=2026031401"></script>
--- a/system1-factory/web/pages/profile/info.html
+++ b/system1-factory/web/pages/profile/info.html
@@ -320,6 +320,7 @@
        </div>
    </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script type="module" src="/js/my-profile.js"></script>
--- a/system1-factory/web/pages/profile/password.html
+++ b/system1-factory/web/pages/profile/password.html
@@ -390,6 +390,7 @@
        </div>
    </div>

+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script>initAuth();</script>
  <script src="/js/change-password.js?v=2026040101"></script>
--- a/system1-factory/web/pages/purchase/request-mobile.html
+++ b/system1-factory/web/pages/purchase/request-mobile.html
@@ -97,6 +97,7 @@
        <div class="pm-sheet-body" id="detailContent"></div>
    </div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/static/js/purchase-request-mobile.js?v=2026040104"></script>
    <script src="/static/js/shared-bottom-nav.js?v=2026040103"></script>
--- a/system1-factory/web/pages/purchase/request.html
+++ b/system1-factory/web/pages/purchase/request.html
@@ -312,6 +312,7 @@
            </div>
        </div>
    </div>
+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/static/js/purchase-request.js?v=2026040104"></script>
 </body>
--- a/system1-factory/web/pages/work/analysis.html
+++ b/system1-factory/web/pages/work/analysis.html
@@ -277,6 +277,7 @@
        </div>
    </div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/api-base.js?v=2026031401"></script>
    <script type="module" src="/js/work-analysis.js?v=2026031401"></script>
--- a/system1-factory/web/pages/work/daily-status.html
+++ b/system1-factory/web/pages/work/daily-status.html
@@ -163,6 +163,7 @@
        </div>
    </div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/api-base.js?v=2026031701"></script>
    <script src="/js/daily-status.js?v=2026033001"></script>
--- a/system1-factory/web/pages/work/meeting-detail.html
+++ b/system1-factory/web/pages/work/meeting-detail.html
@@ -193,6 +193,7 @@
        </div>
    </div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/meeting-detail.js?v=2026031701"></script>
 </body>
--- a/system1-factory/web/pages/work/meetings.html
+++ b/system1-factory/web/pages/work/meetings.html
@@ -80,6 +80,7 @@
        </div>
    </div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/meetings.js?v=2026031701"></script>
 </body>
--- a/system1-factory/web/pages/work/proxy-input.html
+++ b/system1-factory/web/pages/work/proxy-input.html
@@ -114,6 +114,7 @@
        </div>
    </div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/api-base.js?v=2026031701"></script>
    <script src="/js/proxy-input.js?v=2026033202"></script>
--- a/system1-factory/web/pages/work/report-create-mobile.html
+++ b/system1-factory/web/pages/work/report-create-mobile.html
@@ -190,6 +190,7 @@
  </div>

  <!-- 공통 모듈 -->
+  <script src="/js/sso-relay.js?v=20260401"></script>
  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="/js/common/utils.js?v=2026031401"></script>
--- a/system1-factory/web/pages/work/report-create.html
+++ b/system1-factory/web/pages/work/report-create.html
@@ -149,6 +149,7 @@
        </div>
    </div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/api-base.js?v=2026031401"></script>
    <script src="/js/common/utils.js?v=2026031401"></script>
--- a/system1-factory/web/pages/work/schedule.html
+++ b/system1-factory/web/pages/work/schedule.html
@@ -347,6 +347,7 @@
        </div>
    </div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/schedule.js?v=2026031701"></script>
    <script>
--- a/system1-factory/web/pages/work/tbm-create.html
+++ b/system1-factory/web/pages/work/tbm-create.html
@@ -843,6 +843,7 @@
    </div>

    <!-- Scripts -->
+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/api-base.js?v=2026040101"></script>
    <!-- 공통 모듈 -->
--- a/system1-factory/web/pages/work/tbm-mobile.html
+++ b/system1-factory/web/pages/work/tbm-mobile.html
@@ -264,6 +264,7 @@
    </div>

    <!-- 공통 모듈 -->
+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/api-base.js?v=2026040101"></script>
    <script src="/js/common/utils.js?v=2026040101"></script>
--- a/system1-factory/web/pages/work/tbm.html
+++ b/system1-factory/web/pages/work/tbm.html
@@ -573,6 +573,7 @@
    <!-- 토스트 -->
    <div class="toast-container" id="toastContainer"></div>

+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkfb-core.js?v=2026040105"></script>
    <script src="/js/api-base.js?v=2026031602"></script>
    <script src="/js/common/utils.js?v=2026031602"></script>
--- a/system2-report/web/js/sso-relay.js
+++ b/system2-report/web/js/sso-relay.js
@@ -0,0 +1,39 @@
+/**
+ * SSO Token Relay — 인앱 브라우저(카카오톡 등) 서브도메인 쿠키 미공유 대응
+ *
+ * Canonical source: shared/frontend/sso-relay.js
+ * 전 서비스 동일 코드 — 수정 시 아래 파일 <20><><EFBFBD>체 갱신 필요:
+ *   system1-factory/web/js/sso-relay.js
+ *   system2-report/web/js/sso-relay.js
+ *   system3-nonconformance/web/static/js/sso-relay.js
+ *   user-management/web/static/js/sso-relay.js
+ *   tkpurchase/web/static/js/sso-relay.js
+ *   tksafety/web/static/js/sso-relay.js
+ *   tksupport/web/static/js/sso-relay.js
+ *
+ * 동작: URL hash에 _sso= 파라미터가 있으면 토큰을 로컬 쿠키+localStorage에 설정하고 hash를 제거.
+ * gateway/dashboard.html에서 로그인 성공 후 redirect URL에 #_sso=<token>을 붙여 전달.
+ */
+(function() {
+  var hash = location.hash;
+  if (!hash || hash.indexOf('_sso=') === -1) return;
+
+  var match = hash.match(/[#&]_sso=([^&]*)/);
+  if (!match) return;
+
+  var token = decodeURIComponent(match[1]);
+  if (!token) return;
+
+  // 로컬(1st-party) 쿠키 설정
+  var cookie = 'sso_token=' + encodeURIComponent(token) + '; path=/; max-age=604800';
+  if (location.hostname.indexOf('technicalkorea.net') !== -1) {
+    cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
+  }
+  document.cookie = cookie;
+
+  // localStorage 폴백
+  try { localStorage.setItem('sso_token', token); } catch (e) {}
+
+  // URL에서 hash 제거
+  history.replaceState(null, '', location.pathname + location.search);
+})();
--- a/system2-report/web/pages/safety/chat-report.html
+++ b/system2-report/web/pages/safety/chat-report.html
@@ -6,6 +6,7 @@
    <title>AI 신고 도우미 | (주)테크니컬코리아</title>
    <link rel="icon" type="image/png" href="/img/favicon.png">
    <link rel="stylesheet" href="/css/chat-report.css?v=2026031401">
+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/js/api-base.js?v=2026040101"></script>
    <script src="/js/app-init.js?v=2026031401" defer></script>
 </head>
--- a/system2-report/web/pages/safety/issue-detail.html
+++ b/system2-report/web/pages/safety/issue-detail.html
@@ -8,6 +8,7 @@
    <link rel="stylesheet" href="/css/common.css?v=2026031401">
    <link rel="stylesheet" href="/css/project-management.css?v=2026031401">
    <link rel="icon" type="image/png" href="/img/favicon.png">
+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/js/api-base.js?v=2026040101"></script>
    <script src="/js/app-init.js?v=2026031401" defer></script>
    <script src="https://instant.page/5.2.0" type="module"></script>
--- a/system2-report/web/pages/safety/issue-report.html
+++ b/system2-report/web/pages/safety/issue-report.html
@@ -5,6 +5,7 @@
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
    <title>신고 등록 | (주)테크니컬코리아</title>
    <link rel="icon" type="image/png" href="/img/favicon.png">
+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/js/api-base.js?v=2026040101"></script>
    <script src="/js/app-init.js?v=2026031401" defer></script>
    <style>
--- a/system2-report/web/pages/safety/report-status.html
+++ b/system2-report/web/pages/safety/report-status.html
@@ -8,6 +8,7 @@
    <link rel="stylesheet" href="/css/common.css?v=2026031401">
    <link rel="stylesheet" href="/css/project-management.css?v=2026031401">
    <link rel="icon" type="image/png" href="/img/favicon.png">
+    <script src="/js/sso-relay.js?v=20260401"></script>
    <script src="/js/api-base.js?v=2026040101"></script>
    <script src="/js/app-init.js?v=2026031401" defer></script>
    <script src="https://instant.page/5.2.0" type="module"></script>
--- a/system3-nonconformance/web/ai-assistant.html
+++ b/system3-nonconformance/web/ai-assistant.html
@@ -277,6 +277,7 @@
    <script src="/static/js/components/common-header.js?v=2026031401"></script>
    <script src="/static/js/core/page-manager.js?v=2026031401"></script>
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>
    <script src="/static/js/utils/issue-helpers.js?v=2026031401"></script>
    <script src="/static/js/utils/toast.js?v=2026031401"></script>
--- a/system3-nonconformance/web/issue-view.html
+++ b/system3-nonconformance/web/issue-view.html
@@ -111,6 +111,7 @@
    <script src="/static/js/components/common-header.js?v=2026031401"></script>
    <script src="/static/js/core/page-manager.js?v=2026031401"></script>
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>
    <script src="/static/js/utils/issue-helpers.js?v=2026031401"></script>
    <script src="/static/js/utils/photo-modal.js?v=2026031401"></script>
--- a/system3-nonconformance/web/issues-archive.html
+++ b/system3-nonconformance/web/issues-archive.html
@@ -201,6 +201,7 @@
    <script src="/static/js/components/common-header.js?v=2026031401"></script>
    <script src="/static/js/core/page-manager.js?v=2026031401"></script>
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>
    <script src="/static/js/utils/issue-helpers.js?v=2026031401"></script>
    <script src="/static/js/utils/photo-modal.js?v=2026031401"></script>
--- a/system3-nonconformance/web/issues-dashboard.html
+++ b/system3-nonconformance/web/issues-dashboard.html
@@ -554,6 +554,7 @@
    <script src="/static/js/components/common-header.js?v=2026031401"></script>
    <script src="/static/js/core/page-manager.js?v=2026031401"></script>
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>
    <script src="/static/js/utils/issue-helpers.js?v=2026031401"></script>
    <script src="/static/js/utils/photo-modal.js?v=2026031401"></script>
--- a/system3-nonconformance/web/issues-inbox.html
+++ b/system3-nonconformance/web/issues-inbox.html
@@ -373,6 +373,7 @@
    <script src="/static/js/components/common-header.js?v=2026031401"></script>
    <script src="/static/js/core/page-manager.js?v=2026031401"></script>
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>
    <script src="/static/js/components/mobile-calendar.js?v=2026031401"></script>
    <script src="/static/js/utils/issue-helpers.js?v=2026031401"></script>
--- a/system3-nonconformance/web/issues-management.html
+++ b/system3-nonconformance/web/issues-management.html
@@ -343,6 +343,7 @@
    <script src="/static/js/components/common-header.js?v=2026031401"></script>
    <script src="/static/js/core/page-manager.js?v=2026031401"></script>
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>
    <script src="/static/js/utils/issue-helpers.js?v=2026031401"></script>
    <script src="/static/js/utils/photo-modal.js?v=2026031401"></script>
--- a/system3-nonconformance/web/m/dashboard.html
+++ b/system3-nonconformance/web/m/dashboard.html
@@ -186,6 +186,7 @@

    <!-- 스크립트 -->
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>
    <script src="/static/js/core/permissions.js?v=2026031401"></script>
    <script src="/static/js/utils/issue-helpers.js?v=2026031401"></script>
--- a/system3-nonconformance/web/m/inbox.html
+++ b/system3-nonconformance/web/m/inbox.html
@@ -194,6 +194,7 @@

    <!-- 스크립트 -->
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>
    <script src="/static/js/core/permissions.js?v=2026031401"></script>
    <script src="/static/js/utils/issue-helpers.js?v=2026031401"></script>
--- a/system3-nonconformance/web/m/management.html
+++ b/system3-nonconformance/web/m/management.html
@@ -174,6 +174,7 @@

    <!-- 스크립트 -->
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>
    <script src="/static/js/core/permissions.js?v=2026031401"></script>
    <script src="/static/js/utils/issue-helpers.js?v=2026031401"></script>
--- a/system3-nonconformance/web/reports-daily.html
+++ b/system3-nonconformance/web/reports-daily.html
@@ -185,6 +185,7 @@
    <script src="/static/js/core/permissions.js?v=2026031401"></script>
    <script src="/static/js/components/common-header.js?v=2026031401"></script>
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>

    <script>
--- a/system3-nonconformance/web/reports-monthly.html
+++ b/system3-nonconformance/web/reports-monthly.html
@@ -72,6 +72,7 @@
    <script src="/static/js/core/permissions.js?v=2026031401"></script>
    <script src="/static/js/components/common-header.js?v=2026031401"></script>
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>

    <script>
--- a/system3-nonconformance/web/reports-weekly.html
+++ b/system3-nonconformance/web/reports-weekly.html
@@ -71,6 +71,7 @@
    <script src="/static/js/core/permissions.js?v=2026031401"></script>
    <script src="/static/js/components/common-header.js?v=2026031401"></script>
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>

    <script>
--- a/system3-nonconformance/web/reports.html
+++ b/system3-nonconformance/web/reports.html
@@ -173,6 +173,7 @@
    <script src="/static/js/core/permissions.js?v=2026031401"></script>
    <script src="/static/js/components/common-header.js?v=2026031401"></script>
    <script src="/static/js/api.js?v=2026031401"></script>
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/core/auth-manager.js?v=2026031401"></script>

    <script>
--- a/system3-nonconformance/web/static/js/sso-relay.js
+++ b/system3-nonconformance/web/static/js/sso-relay.js
@@ -0,0 +1,39 @@
+/**
+ * SSO Token Relay — 인앱 브라우저(카카오톡 등) 서브도메인 쿠키 미공유 대응
+ *
+ * Canonical source: shared/frontend/sso-relay.js
+ * 전 서비스 동일 코드 — 수정 시 아래 파일 <20><><EFBFBD>체 갱신 필요:
+ *   system1-factory/web/js/sso-relay.js
+ *   system2-report/web/js/sso-relay.js
+ *   system3-nonconformance/web/static/js/sso-relay.js
+ *   user-management/web/static/js/sso-relay.js
+ *   tkpurchase/web/static/js/sso-relay.js
+ *   tksafety/web/static/js/sso-relay.js
+ *   tksupport/web/static/js/sso-relay.js
+ *
+ * 동작: URL hash에 _sso= 파라미터가 있으면 토큰을 로컬 쿠키+localStorage에 설정하고 hash를 제거.
+ * gateway/dashboard.html에서 로그인 성공 후 redirect URL에 #_sso=<token>을 붙여 전달.
+ */
+(function() {
+  var hash = location.hash;
+  if (!hash || hash.indexOf('_sso=') === -1) return;
+
+  var match = hash.match(/[#&]_sso=([^&]*)/);
+  if (!match) return;
+
+  var token = decodeURIComponent(match[1]);
+  if (!token) return;
+
+  // 로컬(1st-party) 쿠키 설정
+  var cookie = 'sso_token=' + encodeURIComponent(token) + '; path=/; max-age=604800';
+  if (location.hostname.indexOf('technicalkorea.net') !== -1) {
+    cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
+  }
+  document.cookie = cookie;
+
+  // localStorage 폴백
+  try { localStorage.setItem('sso_token', token); } catch (e) {}
+
+  // URL에서 hash 제거
+  history.replaceState(null, '', location.pathname + location.search);
+})();
--- a/tkpurchase/web/accounts.html
+++ b/tkpurchase/web/accounts.html
@@ -133,6 +133,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkpurchase-core.js?v=2026040101"></script>
    <script src="/static/js/tkpurchase-accounts.js?v=2026031601"></script>
    <script>initAccountsPage();</script>
--- a/tkpurchase/web/daylabor.html
+++ b/tkpurchase/web/daylabor.html
@@ -148,6 +148,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkpurchase-core.js?v=2026040101"></script>
    <script src="/static/js/tkpurchase-daylabor.js?v=2026031601"></script>
    <script>initDayLaborPage();</script>
--- a/tkpurchase/web/index.html
+++ b/tkpurchase/web/index.html
@@ -88,6 +88,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkpurchase-core.js?v=2026040101"></script>
    <script src="/static/js/tkpurchase-dashboard.js?v=2026031601"></script>
    <script>initDashboard();</script>
--- a/tkpurchase/web/partner-history.html
+++ b/tkpurchase/web/partner-history.html
@@ -61,6 +61,7 @@
        <div id="historyPagination" class="mt-4 flex justify-center gap-2"></div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkpurchase-core.js?v=2026040101"></script>
    <script src="/static/js/tkpurchase-partner-history.js?v=2026031602"></script>
    <script>initPartnerHistory();</script>
--- a/tkpurchase/web/partner-portal.html
+++ b/tkpurchase/web/partner-portal.html
@@ -81,6 +81,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkpurchase-core.js?v=2026040101"></script>
    <script src="/static/js/tkpurchase-partner-portal.js?v=2026031602"></script>
    <script>initPartnerPortal();</script>
--- a/tkpurchase/web/partner.html
+++ b/tkpurchase/web/partner.html
@@ -294,6 +294,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkpurchase-core.js?v=2026040101"></script>
    <script src="/static/js/tkpurchase-partner.js?v=2026031601"></script>
    <script>initPartnerPage();</script>
--- a/tkpurchase/web/schedule.html
+++ b/tkpurchase/web/schedule.html
@@ -275,6 +275,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkpurchase-core.js?v=2026040101"></script>
    <script src="/static/js/tkpurchase-schedule.js?v=2026031602"></script>
    <script>initSchedulePage();</script>
--- a/tkpurchase/web/static/js/sso-relay.js
+++ b/tkpurchase/web/static/js/sso-relay.js
@@ -0,0 +1,39 @@
+/**
+ * SSO Token Relay — 인앱 브라우저(카카오톡 등) 서브도메인 쿠키 미공유 대응
+ *
+ * Canonical source: shared/frontend/sso-relay.js
+ * 전 서비스 동일 코드 — 수정 시 아래 파일 <20><><EFBFBD>체 갱신 필요:
+ *   system1-factory/web/js/sso-relay.js
+ *   system2-report/web/js/sso-relay.js
+ *   system3-nonconformance/web/static/js/sso-relay.js
+ *   user-management/web/static/js/sso-relay.js
+ *   tkpurchase/web/static/js/sso-relay.js
+ *   tksafety/web/static/js/sso-relay.js
+ *   tksupport/web/static/js/sso-relay.js
+ *
+ * 동작: URL hash에 _sso= 파라미터가 있으면 토큰을 로컬 쿠키+localStorage에 설정하고 hash를 제거.
+ * gateway/dashboard.html에서 로그인 성공 후 redirect URL에 #_sso=<token>을 붙여 전달.
+ */
+(function() {
+  var hash = location.hash;
+  if (!hash || hash.indexOf('_sso=') === -1) return;
+
+  var match = hash.match(/[#&]_sso=([^&]*)/);
+  if (!match) return;
+
+  var token = decodeURIComponent(match[1]);
+  if (!token) return;
+
+  // 로컬(1st-party) 쿠키 설정
+  var cookie = 'sso_token=' + encodeURIComponent(token) + '; path=/; max-age=604800';
+  if (location.hostname.indexOf('technicalkorea.net') !== -1) {
+    cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
+  }
+  document.cookie = cookie;
+
+  // localStorage 폴백
+  try { localStorage.setItem('sso_token', token); } catch (e) {}
+
+  // URL에서 hash 제거
+  history.replaceState(null, '', location.pathname + location.search);
+})();
--- a/tkpurchase/web/workreport-summary.html
+++ b/tkpurchase/web/workreport-summary.html
@@ -100,6 +100,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkpurchase-core.js?v=2026040101"></script>
    <script src="/static/js/tkpurchase-workreport-summary.js?v=2026031601"></script>
    <script>initSummaryPage();</script>
--- a/tkpurchase/web/workreport.html
+++ b/tkpurchase/web/workreport.html
@@ -114,6 +114,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkpurchase-core.js?v=2026040101"></script>
    <script src="/static/js/tkpurchase-workreport.js?v=2026031601"></script>
    <script>initWorkReportPage();</script>
--- a/tksafety/web/checklist.html
+++ b/tksafety/web/checklist.html
@@ -164,6 +164,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-checklist.js?v=2026031401"></script>
    <script>initChecklistPage();</script>
--- a/tksafety/web/education.html
+++ b/tksafety/web/education.html
@@ -190,6 +190,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-education.js?v=2026031401"></script>
    <script>initEducationPage();</script>
--- a/tksafety/web/entry-dashboard.html
+++ b/tksafety/web/entry-dashboard.html
@@ -106,6 +106,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-entry-dashboard.js?v=2026031401"></script>
    <script>initEntryDashboard();</script>
--- a/tksafety/web/index.html
+++ b/tksafety/web/index.html
@@ -277,6 +277,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-visit.js?v=2026031401"></script>
    <script>initVisitPage();</script>
--- a/tksafety/web/risk-assess.html
+++ b/tksafety/web/risk-assess.html
@@ -210,6 +210,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-risk.js?v=2026031501"></script>
    <script>initRiskAssessPage();</script>
--- a/tksafety/web/risk-projects.html
+++ b/tksafety/web/risk-projects.html
@@ -166,6 +166,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-risk.js?v=2026031501"></script>
    <script>
--- a/tksafety/web/static/js/sso-relay.js
+++ b/tksafety/web/static/js/sso-relay.js
@@ -0,0 +1,39 @@
+/**
+ * SSO Token Relay — 인앱 브라우저(카카오톡 등) 서브도메인 쿠키 미공유 대응
+ *
+ * Canonical source: shared/frontend/sso-relay.js
+ * 전 서비스 동일 코드 — 수정 시 아래 파일 <20><><EFBFBD>체 갱신 필요:
+ *   system1-factory/web/js/sso-relay.js
+ *   system2-report/web/js/sso-relay.js
+ *   system3-nonconformance/web/static/js/sso-relay.js
+ *   user-management/web/static/js/sso-relay.js
+ *   tkpurchase/web/static/js/sso-relay.js
+ *   tksafety/web/static/js/sso-relay.js
+ *   tksupport/web/static/js/sso-relay.js
+ *
+ * 동작: URL hash에 _sso= 파라미터가 있으면 토큰을 로컬 쿠키+localStorage에 설정하고 hash를 제거.
+ * gateway/dashboard.html에서 로그인 성공 후 redirect URL에 #_sso=<token>을 붙여 전달.
+ */
+(function() {
+  var hash = location.hash;
+  if (!hash || hash.indexOf('_sso=') === -1) return;
+
+  var match = hash.match(/[#&]_sso=([^&]*)/);
+  if (!match) return;
+
+  var token = decodeURIComponent(match[1]);
+  if (!token) return;
+
+  // 로컬(1st-party) 쿠키 설정
+  var cookie = 'sso_token=' + encodeURIComponent(token) + '; path=/; max-age=604800';
+  if (location.hostname.indexOf('technicalkorea.net') !== -1) {
+    cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
+  }
+  document.cookie = cookie;
+
+  // localStorage 폴백
+  try { localStorage.setItem('sso_token', token); } catch (e) {}
+
+  // URL에서 hash 제거
+  history.replaceState(null, '', location.pathname + location.search);
+})();
--- a/tksafety/web/training.html
+++ b/tksafety/web/training.html
@@ -214,6 +214,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-training.js"></script>
    <script>initTrainingPage();</script>
--- a/tksafety/web/visit-management.html
+++ b/tksafety/web/visit-management.html
@@ -184,6 +184,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-visit-management.js?v=2026031401"></script>
    <script>initVisitManagementPage();</script>
--- a/tksafety/web/visit-request.html
+++ b/tksafety/web/visit-request.html
@@ -148,6 +148,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-visit-request.js?v=2026031401"></script>
    <script>initVisitRequestPage();</script>
--- a/tksupport/web/company-holidays.html
+++ b/tksupport/web/company-holidays.html
@@ -108,6 +108,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksupport-core.js?v=2026040101"></script>
    <script>
    async function initPage() {
--- a/tksupport/web/index.html
+++ b/tksupport/web/index.html
@@ -123,6 +123,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksupport-core.js?v=2026040101"></script>
    <script>
    let vacationTypes = [];
--- a/tksupport/web/static/js/sso-relay.js
+++ b/tksupport/web/static/js/sso-relay.js
@@ -0,0 +1,39 @@
+/**
+ * SSO Token Relay — 인앱 브라우저(카카오톡 등) 서브도메인 쿠키 미공유 대응
+ *
+ * Canonical source: shared/frontend/sso-relay.js
+ * 전 서비스 동일 코드 — 수정 시 아래 파일 <20><><EFBFBD>체 갱신 필요:
+ *   system1-factory/web/js/sso-relay.js
+ *   system2-report/web/js/sso-relay.js
+ *   system3-nonconformance/web/static/js/sso-relay.js
+ *   user-management/web/static/js/sso-relay.js
+ *   tkpurchase/web/static/js/sso-relay.js
+ *   tksafety/web/static/js/sso-relay.js
+ *   tksupport/web/static/js/sso-relay.js
+ *
+ * 동작: URL hash에 _sso= 파라미터가 있으면 토큰을 로컬 쿠키+localStorage에 설정하고 hash를 제거.
+ * gateway/dashboard.html에서 로그인 성공 후 redirect URL에 #_sso=<token>을 붙여 전달.
+ */
+(function() {
+  var hash = location.hash;
+  if (!hash || hash.indexOf('_sso=') === -1) return;
+
+  var match = hash.match(/[#&]_sso=([^&]*)/);
+  if (!match) return;
+
+  var token = decodeURIComponent(match[1]);
+  if (!token) return;
+
+  // 로컬(1st-party) 쿠키 설정
+  var cookie = 'sso_token=' + encodeURIComponent(token) + '; path=/; max-age=604800';
+  if (location.hostname.indexOf('technicalkorea.net') !== -1) {
+    cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
+  }
+  document.cookie = cookie;
+
+  // localStorage 폴백
+  try { localStorage.setItem('sso_token', token); } catch (e) {}
+
+  // URL에서 hash 제거
+  history.replaceState(null, '', location.pathname + location.search);
+})();
--- a/tksupport/web/vacation-admin.html
+++ b/tksupport/web/vacation-admin.html
@@ -113,6 +113,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksupport-core.js?v=2026040101"></script>
    <script>
    const TYPE_COLOR = {
--- a/tksupport/web/vacation-approval.html
+++ b/tksupport/web/vacation-approval.html
@@ -203,6 +203,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksupport-core.js?v=2026040101"></script>
    <script>
    let reviewAction = '';
--- a/tksupport/web/vacation-dashboard.html
+++ b/tksupport/web/vacation-dashboard.html
@@ -145,6 +145,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksupport-core.js?v=2026040101"></script>
    <script>
    const TYPE_COLOR = {
--- a/tksupport/web/vacation-request.html
+++ b/tksupport/web/vacation-request.html
@@ -84,6 +84,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksupport-core.js?v=2026040101"></script>
    <script>
    async function initRequestPage() {
--- a/tksupport/web/vacation-status.html
+++ b/tksupport/web/vacation-status.html
@@ -120,6 +120,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksupport-core.js?v=2026040101"></script>
    <script>
    let cachedRequests = [];
--- a/user-management/web/index.html
+++ b/user-management/web/index.html
@@ -2418,6 +2418,7 @@
    </div>

    <!-- JS: Core (config, token, api, toast, helpers, init) -->
+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tkuser-core.js?v=2026040101"></script>
    <!-- JS: Tabs -->
    <script src="/static/js/tkuser-tabs.js?v=2026032301"></script>
--- a/user-management/web/static/js/sso-relay.js
+++ b/user-management/web/static/js/sso-relay.js
@@ -0,0 +1,39 @@
+/**
+ * SSO Token Relay — 인앱 브라우저(카카오톡 등) 서브도메인 쿠키 미공유 대응
+ *
+ * Canonical source: shared/frontend/sso-relay.js
+ * 전 서비스 동일 코드 — 수정 시 아래 파일 <20><><EFBFBD>체 갱신 필요:
+ *   system1-factory/web/js/sso-relay.js
+ *   system2-report/web/js/sso-relay.js
+ *   system3-nonconformance/web/static/js/sso-relay.js
+ *   user-management/web/static/js/sso-relay.js
+ *   tkpurchase/web/static/js/sso-relay.js
+ *   tksafety/web/static/js/sso-relay.js
+ *   tksupport/web/static/js/sso-relay.js
+ *
+ * 동작: URL hash에 _sso= 파라미터가 있으면 토큰을 로컬 쿠키+localStorage에 설정하고 hash를 제거.
+ * gateway/dashboard.html에서 로그인 성공 후 redirect URL에 #_sso=<token>을 붙여 전달.
+ */
+(function() {
+  var hash = location.hash;
+  if (!hash || hash.indexOf('_sso=') === -1) return;
+
+  var match = hash.match(/[#&]_sso=([^&]*)/);
+  if (!match) return;
+
+  var token = decodeURIComponent(match[1]);
+  if (!token) return;
+
+  // 로컬(1st-party) 쿠키 설정
+  var cookie = 'sso_token=' + encodeURIComponent(token) + '; path=/; max-age=604800';
+  if (location.hostname.indexOf('technicalkorea.net') !== -1) {
+    cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
+  }
+  document.cookie = cookie;
+
+  // localStorage 폴백
+  try { localStorage.setItem('sso_token', token); } catch (e) {}
+
+  // URL에서 hash 제거
+  history.replaceState(null, '', location.pathname + location.search);
+})();