Spring boot application with Azure AD throws Reply URL does not match

Question

I have a spring boot application integrated with Azure AD SAML login. I have followed this sample to achieve this. It works fine in localhost but on deployment to a prod url, it keeps giving below error

the redirect uri that I see in the authorization request URL starts with http. This is contradictory because Azure App Registration does not allow to configure any non https URLs and only exception is localhost.

In order to match URLs, I tried editing App Registration's manifest in Azure portal to make it http. Now, it seems URLs match but then I get below error:

I have also tried setting https URL both on azure portal and application.properties using "azure.activedirectory.redirect-uri-template" as mentioned in stack overflow post here but that also does not work.

I have also gone through this post but that also didn't help.

Any help would be much appreciated.

Answer 1

In order to solve the error of redirecting to https but the redirect_uri in request still starts with http, there are two similar issues:

1. The HTTPS requests terminate at the proxy and the proxy then uses HTTP protocol to communicate to your Tomcat server. You will face this if you deploy your code on cloud providers like App Service. Answer is here.

In application.properties:

security.oauth2.client.pre-established-redirect-uri=https://yourappurl.net/login
security.oauth2.client.registered-redirect-uri=https://yourappurl.net/login
security.oauth2.client.use-current-uri=false
server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.protocol-header=x-forwarded-proto
server.tomcat.use-relative-redirects=true
server.use-forward-headers=true
server.tomcat.internal-proxies=.*

2. Add server.forward-headers-strategy=native in applications.properties. Answer is here. For more about this setting, see here.