Hoang Minh

Reputation: 1220

Redirect URL changes from https to http after users are authenticated with Azure Active Directory in Azure AKS

I've been struggling to find a solution for this issue. Basically, I have a web application that allows users to sign in with their Azure Active Directory account using OpenIdConnect. Everything works perfectly fine on my local machine. However, when deployed to Azure AKS, somehow the redirect URL changes from https to http when the user is authenticated. This causes an exception in Azure AD:

AADSTS50011: The redirect URI 'http://example.abc.com/signin-oidc' specified in the request does not match the redirect URIs configured for the application 'c853f6fe-5f4a-436e-b329-ff6da9ab89ab'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.

I defined the redirect URI in the application as https://example.abc.com/signin-oidc and no wonder that it does not match. However, I'm struggling to find out why it's happening and how I can resolve it. I'm using .NET 6 and AKS client version 1.22.

Any help would be greatly appreciated. Thank you

Upvotes: 3

Views: 3516

Answers (2)

Venkatesan

Reputation: 10292

AADSTS50011: The redirect URI 'http://example.abc.com/signin-oidc' specified in the request does not match the redirect URIs configured for the application 'c853f6fe-5f4a-436e-b329-ff6da9ab89ab'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.

The above error usually occurs when the redirect URLs used in authentication are not configured in Azure AD, for example:

  • Accessing the website from a different address than the one you have defined for your application causes an error.
  • Please check whether you have made a mistake in the configuration itself.


In your case:

  • Please make sure you set the SSL redirect to true.

Note: By default, the controller redirects HTTP clients to port 443 (HTTPS) if it has TLS enabled.

  • In the ingress routing YAML file, if it is set to false, try setting it to true:

    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/use-regex: "true"

  • Also, as you said you are using .NET, make sure you have set headers to true.

Please check that the header size is 32k in the annotations:

    nginx.ingress.kubernetes.io/proxy-buffer-size: "32k"

Reference: Error AADSTS50011 - The reply URL specified in the request does not match the reply URLs configured for the application. - Active Directory | Microsoft Docs

Upvotes: 1

Hoang Minh

Reputation: 1220

I finally figured out the solution for myself. Thanks to the answer in other SOF

Since I'm using .NET 6, all I have to do is

  1. Set the ASPNETCORE_FORWARDEDHEADERS_ENABLED = true AND

  2. Add these two lines suggested by @Venkatesan to my ingress yml

    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/use-regex: "true"

Everything works perfectly after that.

Thank you everyone.

Upvotes: 2
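
The forwarded-headers step from the answers above, written out as explicit middleware configuration (an added example, not code from either poster). Setting ASPNETCORE_FORWARDEDHEADERS_ENABLED=true turns on the same middleware but clears its known-proxy and known-network lists, so X-Forwarded-* headers are accepted from any sender; this version trusts only a named network instead. The 10.244.0.0/16 range and the /debug/redirect-uri endpoint are assumptions made for illustration.

```csharp
// Program.cs for a .NET 6 web app behind a TLS-terminating ingress.
using System.Net;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // X-Forwarded-Proto carries the original scheme (https) from the ingress.
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

    // The middleware trusts only loopback proxies by default, so headers from
    // an ingress controller in another pod are ignored unless its network is
    // listed. ASSUMPTION: 10.244.0.0/16 stands in for the cluster's pod CIDR.
    options.KnownNetworks.Add(
        new Microsoft.AspNetCore.HttpOverrides.IPNetwork(
            IPAddress.Parse("10.244.0.0"), 16));
});

// Placeholder: the app's real OpenID Connect registration goes here.
builder.Services.AddAuthentication();

var app = builder.Build();

// Must run before authentication so the OpenID Connect handler sees the
// rewritten Request.Scheme when it builds the redirect URI.
app.UseForwardedHeaders();
app.UseAuthentication();

// Hypothetical diagnostic endpoint: shows the callback URL the app would
// derive from the current request. Expect https:// when called via the ingress.
app.MapGet("/debug/redirect-uri", (HttpContext ctx) =>
    $"{ctx.Request.Scheme}://{ctx.Request.Host}{ctx.Request.PathBase}/signin-oidc");

app.Run();
```

If the endpoint still reports http:// through the ingress, the proxy's source address is outside the trusted network and the header is being dropped. Remove the diagnostic endpoint once the scheme is confirmed.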
