Sorry, this problem has many variables so I might not be isolating the problem correctly.
Our website/application is using HTTPS under the Play 2.1.2 framework behind Okta. Okta uses SAML to authenticate. Our Java files for all of our pages (in the Java code) have @RequiresAuthentication(clientName = "Saml2Client") so the user is forced to log in with their Active Directory login on Okta to access our site.
We used SAMLTracer on Firefox to determine that the webpage seems to be authenticating with Okta through SAML correctly. The problem we're running into is when using HTTPS, we're getting a 404 error for the main page. The log says:
[ERROR] - from application in play-akka.actor.default-dispatcher-9 oops! page not found: uri = /
As an experiment, we used HTTP instead of HTTPS and we don't get that error and our page loads up fine. The routes file is the same, so it doesn't make sense that HTTPS doesn't work but HTTP does with the same routes file. The Okta configs are identical for both HTTP and HTTPS, sans the URL (for HTTPS we used https:// and port 8443 instead of http:// and port 8080). What else might be causing this problem?
Creating a Spring Boot OAuth2 client to integrate an OIDC provider login in the application.
But the OIDC provider is not allowing redirect URLs (working on the authorization code flow) with the format of http://localhost: or http://localhost
So every time I want to check my code changes I have to deploy them to the server, and I am not able to debug in my development environment.
I'm using my company-provided machine for the development, which does not allow installing ngrok.
Can someone please help me find a way to develop and debug on my dev machine?
I am implementing an OAuth2 server using Spring Boot.
I have four microservices:
- Sales (sales)
- Inventory (inventory)
- IAM service (Authorization Server, with OAuth2) (http://iam:8089)
- Gateway (gateway on http://www.gateway.com)
All these services are behind the Spring Cloud Gateway, and it's deployed under K8S, and the Gateway is exposed as the external interface.
Now if I try to authenticate a user using OAuth2 through the gateway like below:
Step 1:
HTTP request: http://www.gateway.com/oauth/authorize
In the response header I am getting:
Location: http://iam:8089/v1/oauth/login (but the expectation is http://www.gateway.com/oauth/login)
and because of that the browser redirects me to http://iam:8089/oauth/login
Ideally I am expecting that to also be routed through the gateway service, something like
http://www.gateway.com/oauth/login
Can someone please help me to solve this.
Thanks
Alpesh
Sounds like a good setup in line with what we recommend at Curity in our IAM Primer Article, with the Authorization Server (AS) behind a reverse proxy or gateway.
In your case the AS listens at http://iam:8089 but that is an internal URL. The AS also has a 'Base URL' that is used by internet clients, and this is the URL of the gateway, which is http://www.gateway.com in your example:
It will be returned to clients in OpenID Connect discovery requests
It will be returned to browsers in browser redirects during authentication
There should be somewhere in Spring OAuth2 Server where you set the Base URL, similar to that in the Curity Identity Server (see image below). The process should be to set this value and then verify that it is returned in a metadata request. You should then be configured correctly.
In Spring I expect the setting you need is in the fluent configuration somewhere - maybe one of the Configurer classes. I find it pretty hard to find what I'm looking for in Spring though.
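As an added illustration of the two settings the answer above is pointing at (this is not the answer author's code or the Curity configuration), the following Spring Boot configuration sets the public base URL and makes request-derived redirects use the gateway's address. It assumes Spring Authorization Server 1.x (where the base URL is the issuer in AuthorizationServerSettings) and a gateway that sets the standard X-Forwarded-Proto/Host/Port headers; the hostnames www.gateway.com and iam:8089 are taken from the question, the class and bean names are my own.

```java
// Added example: public base URL + forwarded-header handling for an
// authorization server that sits behind a gateway / reverse proxy.
// Assumptions: Spring Authorization Server 1.x, Spring Boot 3, and a gateway
// that strips any client-supplied X-Forwarded-* headers before adding its own.
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.web.filter.ForwardedHeaderFilter;

@Configuration
public class PublicBaseUrlConfig {

    /** The address internet clients and browsers reach us at (from the question). */
    static final String PUBLIC_BASE_URL = "http://www.gateway.com";

    @Bean
    AuthorizationServerSettings authorizationServerSettings() {
        // The issuer is the 'Base URL': it is what discovery
        // (/.well-known/openid-configuration) advertises for the
        // authorization, token and JWKS endpoints, instead of http://iam:8089.
        return AuthorizationServerSettings.builder()
                .issuer(PUBLIC_BASE_URL)
                .build();
    }

    @Bean
    FilterRegistrationBean<ForwardedHeaderFilter> forwardedHeaderFilter() {
        // Rewrites scheme/host/port of each request from X-Forwarded-* so that
        // redirects Spring Security builds from the request (the login-page
        // redirect in the question's Location header) point at the gateway.
        FilterRegistrationBean<ForwardedHeaderFilter> bean =
                new FilterRegistrationBean<>(new ForwardedHeaderFilter());
        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return bean;
    }
}
```

The equivalent of the filter bean in properties is server.forward-headers-strategy=framework. After deploying, request http://www.gateway.com/.well-known/openid-configuration through the gateway and check that every endpoint URL in the response starts with the public base URL; that is the verification step the answer describes. Only trust forwarded headers when the gateway overwrites them, since an internal caller that can reach iam:8089 directly could otherwise set X-Forwarded-Host to an address of its choosing and receive redirects built on it.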
I'm trying to integrate a Java application with Azure AD.
I have registered an app in Azure and added redirect URLs. After a successful login, it was redirected to my Java application, where I am fetching the authorization code using the MSAL library.
Getting the below exception:
com.microsoft.aad.msal4j.MsalServiceException: AADSTS500112: The reply address
'http://testUrl' does not match the reply address 'https://testUrl
The only difference I see in the above URLs is http and https, even though I mentioned https in both the redirect URL in the app registration as well as the redirect_uri in the Microsoft login URL.
BTW, it was working in my local environment; it is not working when I hosted it on the server.
We had the same issue after it was deployed in the production environment. The reason the https became http is that I was in a load-balanced environment, where the outside URL differed from the inside URL (the load balancers off-loaded the SSL processing). When the HTTP request from Azure reached our web filter, httpRequest.getRequestURL().toString() got http instead of https. What we did is ask the DevOps team to add a header to the HTTP request with the original URL sent to the load balancer, and in our code we extract the HTTP header instead of using the HTTP request itself.
Specifically, change
String currentUri = httpRequest.getRequestURL().toString();
to
String currentUri = httpRequest.getHeader(HEADER_PROXY_URL);
HEADER_PROXY_URL is the name of the header in which DevOps inject the original URL.
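The header approach above works, but the servlet will also accept that header from anyone who can reach it without going through the load balancer, so a reply address is then whatever the caller says it is. The following helper, added here and not part of the answer, only honours the injected header (or the standard X-Forwarded-Proto/X-Forwarded-Host pair, as a generalisation of the same idea) when the request arrived from a known load-balancer address, and otherwise falls back to the request's own URL. The header name X-Original-URL, the proxy addresses and the sample URLs are constructed for the example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

/** Added example: rebuild the external URL behind an SSL-offloading load balancer. */
public final class ExternalUrlResolver {

    /** Header the load balancer injects with the URL the client requested (assumed name). */
    static final String HEADER_PROXY_URL = "X-Original-URL";

    /** Addresses of the load-balancer nodes allowed to set that header (constructed values). */
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.10", "10.0.0.11");

    private ExternalUrlResolver() {}

    /**
     * @param remoteAddr     request.getRemoteAddr()
     * @param proxyUrl       request.getHeader(HEADER_PROXY_URL), may be null
     * @param forwardedProto request.getHeader("X-Forwarded-Proto"), may be null
     * @param forwardedHost  request.getHeader("X-Forwarded-Host"), may be null
     * @param requestUri     request.getRequestURI()
     * @param fallbackUrl    request.getRequestURL().toString()
     * @return the URL to use as redirect_uri when talking to the identity provider
     */
    public static String resolve(String remoteAddr, String proxyUrl, String forwardedProto,
                                 String forwardedHost, String requestUri, String fallbackUrl) {
        // A header from any other peer could have been forged by that peer.
        if (!TRUSTED_PROXIES.contains(remoteAddr)) {
            return fallbackUrl;
        }
        // Preferred: the full original URL injected by the load balancer.
        if (proxyUrl != null && isAbsoluteHttpUrl(proxyUrl)) {
            return proxyUrl;
        }
        // Otherwise reconstruct it from the standard forwarded headers.
        if (forwardedProto != null && forwardedHost != null
                && (forwardedProto.equals("http") || forwardedProto.equals("https"))) {
            return forwardedProto + "://" + forwardedHost + requestUri;
        }
        return fallbackUrl;
    }

    /** Accept only an absolute http(s) URL with a host, so a bare path or junk cannot leak in. */
    static boolean isAbsoluteHttpUrl(String candidate) {
        try {
            URI uri = new URI(candidate);
            return uri.isAbsolute() && uri.getHost() != null
                    && ("http".equals(uri.getScheme()) || "https".equals(uri.getScheme()));
        } catch (URISyntaxException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed: what the servlet sees after the load balancer terminated TLS.
        String internal = "http://app-internal:8080/auth/callback";
        // Request via the load balancer: the injected header wins.
        System.out.println(resolve("10.0.0.10", "https://testUrl/auth/callback",
                null, null, "/auth/callback", internal));
        // Same header sent by an untrusted peer: ignored, fallback used.
        System.out.println(resolve("203.0.113.7", "https://spoofed.example/cb",
                null, null, "/auth/callback", internal));
    }
}
```

In a servlet filter the call is resolve(req.getRemoteAddr(), req.getHeader(HEADER_PROXY_URL), req.getHeader("X-Forwarded-Proto"), req.getHeader("X-Forwarded-Host"), req.getRequestURI(), req.getRequestURL().toString()). Since AADSTS500112 is raised on any difference, scheme included, compare the resolved value with the registered reply URL as a whole string before sending it as redirect_uri.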
According to my research, the redirect URL for web apps and services must begin with the scheme https. If you want to use the scheme http, you can only use http://localhost. For more details, please refer to https://learn.microsoft.com/en-us/azure/active-directory/develop/azure-ad-endpoint-comparison#restrictions-on-redirect-urls
I have an Angular 7 + Java web application.
I have configured SSO login for it on an Apache Tomcat server. Only authentication is done through SSO; authorization is done using a users table in the application database.
This setup works fine on my local system: authorization happens for a valid user, and an invalid user is redirected to the access denied page using a custom interceptor written in TypeScript in Angular.
But when I deploy this on the server I face an issue. Valid users are logged in perfectly using SSO authentication and application authorization.
But when I hit the application as an invalid user, it shows the login page with no CSS applied, instead of the access denied page which it is supposed to redirect to.
In the network tab I see a 500 error for the style.css file and a 403 Forbidden error.
There is a problem at your server end, debug your code and fix accordingly.
I think I also faced the same problem when I was updating my data in an S3 bucket in AWS.
You just need to fill every empty .css file with something like this:
/* Nothing here*/
I have a GAE/GWT server web application using OAuth 2.0.
Locally (GWT development mode) it works fine (the user is redirected to the access confirmation page, I get a token and I can call the Google API using this token).
But when I deploy the application to appspot, it fails. The confirmation page looks different, the token is returned in a different format and the Google API doesn't work with this token.
Does appspot support OAuth 2.0? Has anybody experienced this?
I've been struggling a lot to find out the issue.
In my case I had normally set my appspot URL in the console as an authorized URI, just like the localhost one, downloaded the JSON file and had the same redirect_uri_mismatch error.
The solution was to set an http version of the URL. For some reason, it won't work if you set only the https one.
Appspot does not support OAuth: http://groups.google.com/group/opendatakit/browse_thread/thread/45ecd1401867154f/0b83b359c2504a74?show_docid=0b83b359c2504a741