I created a .NET Core app with Azure AD authentication. This means the callback URL is /signin-oidc. When I run the app directly, everything is fine, and I can log in using Azure AD, but when I put the app behind a Big-IP, I cannot. I get a message saying "The reply url specified in the request does not match the reply urls configured for the application".
The app is running on an internal host, say http://my.internal.private/. It is reachable externally on https://my.external.public/ so https://my.external.public/signin-oidc is also configured as a reply URL. It is also reachable when debugging on https://localhost:12345/ so I have also configured https://localhost:12345/signin-oidc as a reply URL.
When I run the app locally, everything works fine, but when I try to run it behind the Big-IP, which forwards https://my.external.public/ to http://my.internal.private/, things do not work and I get the error above.
Error: The reply url specified in the request does not match the reply urls configured for the application