0
votes

I am trying to implement Azure AD authentication in a Spring Boot web application. I have registered the application and added the redirect URIs below:

https://xxxxxxxxxxxxx/xxxxxxxxx/login/oauth2/code/azure/
http://localhost:8080/login/oauth2/code/azure/

When tested on localhost, everything works fine. Below is the content of application.properties:

application.properties

#disable the white label error page entirely
server.error.whitelabel.enabled=false

spring.jackson.serialization.FAIL_ON_EMPTY_BEANS=false

# Specifies your Active Directory ID:
azure.activedirectory.tenant-id=x-xxxxx-xxxxx-xxx-xxxxxxx

# Specifies your App Registration's Application ID:
azure.activedirectory.client-id=xxxxx-xxxx-xxxx-xxxx-xxxxxxx

# Specifies your App Registration's secret key:
azure.activedirectory.client-secret=xxxxxxxxxxxxx

POM.xml

<dependency>
   <groupId>org.springframework.boot</groupId>
   <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
   <groupId>com.microsoft.azure</groupId>
   <artifactId>azure-active-directory-spring-boot-starter</artifactId>
   <version>3.0.0</version>
</dependency>

When I deploy the code, I get the Microsoft login prompt, whose request URL is:

https://login.microsoftonline.com/xxxxx-xxx-xx4257-af76-xxxxxx/oauth2/v2.0/authorize?response_type=code&client_id=x-f62xxxd-4710-xxxx-xxx&scope=openid%20profile&state=OaHbZ_NFyiEWwHwy2V3Eg2x28yBgHB2Mz8eLJiNCWos%3D&redirect_uri=http://xxxxxxxx/xxxxxx/login/oauth2/code/azure&nonce=cvWDxorVEfhZU7TyhbsJbnePsbB3vHSh6B2TdRscUAE

The redirect URI in the request is http, while what I have configured in the portal is https, so that gives a reply URL mismatch error. How can I force an https redirect URI in the request?

I tried adding

 azure.activedirectory.redirect-uri-template= https://xxxxxxxxxxxx/xxxxxxx/login/oauth2/code/azure/

This didn't work either. Thanks in advance.

Subham

1
Please try to add server.forward-headers-strategy=native in application.properties. For more details, please refer to stackoverflow.com/questions/64403718/… – Jim Xu
I tried this; it doesn't work either. – subham
Please try to add these:

security.oauth2.client.pre-established-redirect-uri=https://yourappurl.net/login
security.oauth2.client.registered-redirect-uri=https://yourappurl.net/login
security.oauth2.client.use-current-uri=false
server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.protocol-header=x-forwarded-proto
server.tomcat.use-relative-redirects=true
server.use-forward-headers=true
server.tomcat.internal-proxies=.*

– Jim Xu
Thanks for these options. The Tomcat headers worked for me. I am not getting the reply URL error, but now I am getting invalid credentials. Can this be related to the load balancer that is configured? – subham
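As an added illustration (this is not code from the question, the comments, or the Azure starter): a small Python model of how the redirect_uri ends up as http behind a TLS-terminating load balancer, how honouring X-Forwarded-Proto / X-Forwarded-Host from a trusted proxy fixes it, and why the proxy list matters. It mirrors what Tomcat's RemoteIpValve does when server.tomcat.remote-ip-header / server.tomcat.protocol-header are set; the host names, addresses, the trusted range and the registered-URI list are assumptions made up for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address range of the load balancer (the equivalent of
# server.tomcat.internal-proxies). Tomcat's own default is the private ranges.
TRUSTED_PROXIES = [ip_network("10.0.0.0/8"), ip_network("127.0.0.1/32")]

# Constructed list of reply URLs "registered in the portal" for this example.
# Note the trailing slashes, copied from the shape of the URIs in the question.
REGISTERED = {
    "https://app.example.com/login/oauth2/code/azure/",
    "http://localhost:8080/login/oauth2/code/azure/",
}


@dataclass
class Request:
    peer_ip: str   # TCP peer address as seen by Tomcat (the balancer, or a direct client)
    scheme: str    # scheme of the listener Tomcat accepted the connection on
    host: str      # Host header as received
    headers: dict  # remaining request headers


def effective_origin(req, trusted=TRUSTED_PROXIES):
    """Return (scheme, host) after applying X-Forwarded-* headers, but only when
    the direct peer is a trusted proxy. Headers from anyone else are ignored,
    otherwise a client could make the app build a redirect_uri pointing at a
    host it controls."""
    scheme, host = req.scheme, req.host
    if any(ip_address(req.peer_ip) in net for net in trusted):
        hdrs = {k.lower(): v for k, v in req.headers.items()}
        proto = hdrs.get("x-forwarded-proto", "").lower()
        if proto in ("http", "https"):
            scheme = proto
        fwd_host = hdrs.get("x-forwarded-host")
        if fwd_host:
            host = fwd_host.split(",")[0].strip()  # first hop wins
    return scheme, host


def redirect_uri(req, registration_id="azure", trusted=TRUSTED_PROXIES):
    """Build the redirect_uri the same way Spring's default template
    {baseUrl}/login/oauth2/code/{registrationId} would, from the effective origin."""
    scheme, host = effective_origin(req, trusted)
    return f"{scheme}://{host}/login/oauth2/code/{registration_id}"


def matches_registered(uri, registered=REGISTERED):
    """Exact, case-sensitive string match: the conservative assumption for any
    IdP. A missing or extra trailing slash is a mismatch under this rule."""
    return uri in registered


if __name__ == "__main__":
    # 1. Request arriving via the balancer, which terminated TLS and forwarded over http.
    via_lb = Request("10.0.0.5", "http", "app.internal:8080",
                     {"X-Forwarded-Proto": "https", "X-Forwarded-Host": "app.example.com"})
    # 2. The same headers sent directly by an untrusted client trying to spoof the host.
    spoofed = Request("203.0.113.9", "http", "app.internal:8080",
                      {"X-Forwarded-Proto": "https", "X-Forwarded-Host": "attacker.example"})

    uri = redirect_uri(via_lb)
    print("via balancer      :", uri, "| registered:", matches_registered(uri))
    print("via balancer + '/':", uri + "/", "| registered:", matches_registered(uri + "/"))
    print("spoof, strict list:", redirect_uri(spoofed))
    print("spoof, trust-all  :", redirect_uri(spoofed, trusted=[ip_network("0.0.0.0/0")]))
```

The last line models `server.tomcat.internal-proxies=.*` from the comment above: with every peer treated as a proxy, a client that can reach the app directly can set X-Forwarded-Host and get a redirect_uri pointing at its own host. Restrict internal-proxies to the balancer's address range unless the app is reachable only through the balancer. The trailing-slash comparison is there because the question's registered URIs end in `/` while the request in the question does not.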

1 Answer

-1
votes

A redirect_uri is the URI where we want Azure AD, or our IdP, to post the response back after a successful authentication and token issuance. Now, if the redirect_uri mentioned in our request (going from the app to the IdP, Azure AD in this case) and the redirect_uri configured in Azure AD's app registration don't match, AAD throws the URL mismatch error.

To troubleshoot this issue and understand what redirect URI the application is sending, I have described the detailed steps here: https://docs.microsoft.com/en-us/answers/questions/270056/aadsts50011-the-reply-url-specified-in-the-request-17.html

You can also check the following sample for more information: https://github.com/Azure/azure-sdk-for-java/tree/azure-spring-boot-starter-active-directory_3.4.0/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-webapp