I am using Keycloak authentication to authenticate an angular app and so far I have managed to redirect my login to Keycloak server. But when redirected instead of the login page I am getting a 500 error page with the message Invalid parameter: redirect_uri
When you created the client in Keycloak you set the required 'Valid Redirect URIs' field. Most likely the pattern you entered there doesn't match the redirect uri you are sending from your client. If you use ports numbers, they have to match too!.
If this is not the problem, check what your Keycloak server is logging and add those details here to your question.
this is occurred due to base url and valid redirect url are different. So I have added same URL on both the text box.Now its working fine.
Related
I have a pretty straightforward ASP .NET Core web site that uses Azure AD + OpenID for user authentication. Inside Azure I've added "https://my-site/signin-oidc" as a Redirect URI and inside my app settings I've set my CallbackPath to "/signin-oidc".
The problem is after authentication the browser always redirects to the home page.
For example the user will enter the following url into their address bar:
https://my-site/#/foo
They'll then be redirected to the azure sign-in page which has a uri like so:
https://login.microsoftonline.com/.../oauth2/v2.0/authorize?client_id=...&redirect_uri=https%3A%2F%2Fmy-site%3A64199%2Fsignin-oidc&[...]&sso_reload=true#/foo=
(Note where the '#/foo' fragment is placed)
After authentication succeeds they end up at the home page (https://my-site/).
Is there anyway for me to preserve the original URI and redirect the user to it after auth succeeds?
Try using the post_login_redirect_url query parameter for this.
If you want to automatically navigate the user to #/foo' after logging in, you can set your login redirect to ~/.../authorize?post_login_redirect_url=/#/foo.
I'm trying to make an authentication functionality in my app, so when I press the login button, a web browser opens and I get to verify my account, and then I get a token in the URL, the problem is that in order for me to get redirected to my app, I need to make the redirect_uri as so AuthSession.makeRedirectUri( 'gecond://' )
but the website from where I'm getting my authentication doesn't allow this type of redirect_uri ( this is the URI that's being used: "https://preprod.autenticacao.gov.pt/oauth/askauthorization?redirect_uri=exp%3A%2F%2F192.168.2.26%3A19000&client_id=123456789&response_type=token&state=UOgf2pE6S0"),
it only allows a specific redirect_uri (like so "https://preprod.autenticacao.gov.pt/oauth/askauthorization?redirect_uri='https://preprod.autenticacao.gov.pt/OAuth/Authorized'&client_id=123456789&response_type=token&state=UOgf2pE6S0"), but when I use this URI, I do manage to get an access token in the URL of the page, but I'm not redirected back to my app.
I'm fairly new to this type of topic, so I might be missing a few steps.
I'm quite sure you misread the documentation. The reply URL is where you add you application's page where the user is redirected after login.
The URL you used is the example URL from the documentation.
Please check the official documentation.
I've got Azure ServiceFabric web-app (AspNetCore 3) hosted over reverse proxy (NGinx). The app use AzureAD (in company) authentication. I've Registered App for the AD and setup Redirect Urls. After publishing the APP and configuring DNS and reverse proxy I tried to authorize to my app but failed with error
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '...-...-...-...-...'.
I snifed the request and found that it redirects to the internal IP but not domain name
https://login.microsoftonline.com/aeb55839-c47b-4fea-8d95-912f673fa7ac/oauth2/v2.0/authorize?client_id=.....&redirect_uri=http%3A%2F%2F10.2.0.5%3A44321%2Fsignin-oidc...
It seems that I've looked everywhere but I cannot stil found where I can specify redirect url manually (only CallbackPath).
Does anyone solve the issue?
Update 1.
Add screenshot from Azure Portal
Update 2
Mannually add http://10.2.0.5:44321/signin-oidc to the Redirect Url, get a new exception
AADSTS500117: The reply uri specified in the request isn't using a secure scheme.
I wonder whether I have to make my ASF cluster secured to allow AD Authorization? It seems to me strange due to I want to secure traffic to reverse proxy only.
This error will occur when there is a mismatch of redirect URI being sent in the request to AAD while fetching the token and the one registered with the Application Registration Object in AAD portal.
In App Registration blade of AAD and look for the redirect URI section present under "Authentication" section of the registered application and update the redirection
URL. Please refer to the screenshot below:
update:-
The Reply url you are using in your code is http://10.2.0.5:44321/signin-oidc which is different from reply url defined in Azure AD i.e., https://dev-adm.project-llc.ru/signin-oidc. Please update the reply url in code or in AAD.
We have an on-prem asp.net core app that leverage AAD for authentication, the app is setup to run in both:
http://domainserver/app
&
https://domainserver/app
In Azure AD the reply url for the application is setup as
http://domainserver/app/signin-oidc & https://domainserver/app/signin-oidc
When using http url, the sign-in process works fine, however in https mode, we get the following error:
AADSTS50011: The reply address ‘https://domainserver/app/signin-oidc’
does not match the reply addresses configured for the application:
appguid . More details: not specified
The reply https url is setup in AAD for the App exactly as it appears in the error message, so I’m not sure why it says it’s not matching.
One reason I can think of is that the SSL certificate used for https is a local domain signed certificate, and somehow it’s causing the error. But I’m not sure if that’s the case since AAD is just responsible to redirect back to the specified url, should not really care or know about the validity of the SSL.
Here is the image showing the setting url, the redirect url and the error message url matches exactly. You just have to trust me the part that's blocked out are also the same. :)
Anyone got any ideas why this happens?
Protocol matters. Azure AD will treat http://website.com and https://website.com as different reply URLs. However Azure can only let your put in multiple Reply URLs in a same domain. There is a case solution may be helpful to you:
Issue: Using the Azure AD authentication option to sign into the Skype for Business (SfB) Web SDK and you are seeing an AAD error page . The error page should have this message:
"AADSTS50011: The reply address 'https://...' does not match the reply
addresses configured for the application <...>"
Solution:
You need to configure the main domain name where you're hosting your app as a reply URL in the AAD registration for your app and pass it as the redirect_uri when redirecting to AAD to allow the user to sign in.
You should be using code like this to redirect the user to enter her credentials to sign into Azure AD:
var href = 'https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&client_id=';
href += client_id + '&resource=https://webdir.online.lync.com&redirect_uri=' + window.location.href;
window.location.href = href;
Note In the code above that we are using window.location.href as the value of the redirect_uri query parameter in forming the URL of the AAD endpoint where the user will sign in. This parameter tells AAD to redirect the client browser and the access token obtained by signing into AAD back to the page we're currently on - the main app page. However, AAD will only redirect the access token to URLs that are specified as Reply URLs in the app registration in AAD.
Follow these steps to check your configured Reply URLs and add additional ones:
Sign into portal.azure.com with an account that's an administrator on your tenant.
Navigate to Azure Active Directory in the left side bar > App registrations > Your app > All settings > Reply URLS.
Type the domain name where you're hosting your app and click Save.
This solution is from this document.
Update
According to your screenshot, your Reply URI is different:
https://domainserver/app/signin-oidc
is not in your Reply URL list,
in your Reply URL list is
https://domainserver/app/signin-odic
Go to change them as same URL .
I've recently decided to migrate over to using servicestack authentication. From what I can tell, to have a redirect after a successful login of an oauth provider, you add the url to the appSettings of your web.config, i.e. oauth.GoogleOpenId.RedirectUrl.
My question is, is there anyway to make this more dynamic so that if a user get's redirected to the log on page when trying to access an authorized page, say their profile page, that once they log on successfully they get routed to their profile page instead of what's configured in the web.config? Forms authentication did this by using a 'returnUrl' query parameter.
Any help would be appreciated.
The behavior of accessing a protected page, redirecting to a /login page (overridable with HtmlRedirect on AuthFeature or Authenticate attribute) and on successful login should automatically redirect to the previously attempted protected page.
To do this you want to specify the redirect url in the continue or ReturnUrl FormData POST variable or QueryString when attempting to authenticate with the /auth service.