Hi, I'm having an issue with Azure SSO third-party authentication.
Currently, when configured, it returns the following error:
“The reply URL specified in the request does not match the reply URLs configured for the application:”
Checking the reply URL that it calls results in this:
https://login.microsoftonline.com/common/oauth2/authorize?client_id=<Correct Client ID>&redirect_uri=https://<CORRECT ENDPOINT URL>/auth/complete/azuread-oauth2/&state=kYkYmtffQh2jGC7y2L0Z1By7ItePjygF&response_type=code&scope=openid+profile+user_impersonation&msafed=0&sso_nonce=AwABAAAAAAACAOz_BAD0_2RBZtQrlGBD0-CKxSOmi6rz_zilLRv288v_K9VXZOAA8634KPAHdL88yQUo7c-jOXMeEPPa4I_vtx4IX1qtvP4gAA&client-request-id=98170e1e-9f0f-407b-9291-4dcd9b3c1794&mscrid=98170e1e-9f0f-407b-9291-4dcd9b3c1794
I have taken out the client ID of the authentication application in Azure and the full URL of the LMS for paranoid reasons.
The LMS logs show:
2021-04-12 07:59:09,834 INFO 22 [tracking] [user None] [ip 81.156.91.69] logger.py:42 - {"name": "/auth/login/azuread-oauth2/", "context": {"user_id": null, "path": "/auth/login/azuread-oauth2/", "course_id": "", "org_id": ""}, "username": "", "session": "4b9b113bc720d502fe432b39b3b57989", "ip": "81.156.91.69", "agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.75", "host": "<LMS URL>", "referer": "https://<LMS URL>/login?next=%2F", "accept_language": "en-GB,en;q=0.9,en-US;q=0.8", "event": "{\"GET\": {\"auth_entry\": [\"login\"], \"next\": [\"/\"]}, \"POST\": {}}", "time": "2021-04-12T07:59:09.834163+00:00", "event_type": "/auth/login/azuread-oauth2/", "event_source": "server", "page": null}
lms_1 | [pid: 22|app: 0|req: 77/457] 172.18.0.13 () {54 vars in 1436 bytes} [Mon Apr 12 07:59:09 2021] GET /auth/login/azuread-oauth2/?auth_entry=login&next=%2F => generated 0 bytes in 22 msecs (HTTP/1.0 302) 9 headers in 888 bytes (1 switches on core 0)
Has anyone done this since the introduction of Caddy as an SSL endpoint? My current working theories are:
- the termination of the SSL at Caddy is causing a reply URL issue;
- or, more likely, there is something in the code that has changed and the documentation of the URLs to provide is really far out of whack and I just can't figure it out.
Any help would be appreciated.
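Added example for this thread (not code from the original post, from Open edX, Tutor or Azure): a small script that pulls the redirect_uri out of an authorize request like the one above and compares it, the way the authorization server does, against the reply URLs registered on the app. The registered list and the hostname lms.example.org are constructed placeholders standing in for the redacted values. It shows why the comparison is exact (scheme, host, port, path and trailing slash), and therefore how the first theory in the post (TLS terminated at a proxy, so the app builds an http:// redirect_uri while https:// is registered) would surface as exactly this error.

```python
"""Check an OAuth 2.0 redirect_uri against the reply URLs registered on an app.

Example added for this thread; not Open edX, Tutor or Azure code.
REGISTERED_REPLY_URLS and the hostnames used are constructed placeholders.
"""
from typing import List
from urllib.parse import parse_qs, urlparse

# Constructed (hypothetical): what an admin registered as reply URLs on the app.
REGISTERED_REPLY_URLS = [
    "https://lms.example.org/auth/complete/azuread-oauth2/",
]


def extract_redirect_uri(authorize_url: str) -> str:
    """Return the redirect_uri parameter from an /oauth2/authorize request URL."""
    query = parse_qs(urlparse(authorize_url).query)
    values = query.get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]


def explain_mismatch(redirect_uri: str, registered: List[str]) -> List[str]:
    """Return [] if redirect_uri exactly equals a registered reply URL.

    Otherwise return one line per registered URL describing how it differs.
    The authorization server compares the value literally: scheme, host, port,
    path and trailing slash must all agree. That strictness is what keeps an
    authorization code from being delivered to a URL the app owner did not
    register, so the fix is to correct the registration or the URL the app
    builds, never to relax the comparison.
    """
    if redirect_uri in registered:
        return []
    req = urlparse(redirect_uri)
    reasons = []
    for candidate in registered:
        reg = urlparse(candidate)
        diffs = []
        if req.scheme != reg.scheme:
            diffs.append(
                f"scheme {req.scheme!r} != {reg.scheme!r} "
                "(typical when TLS terminates at a proxy and the app builds "
                "the URL from the plain-HTTP request it sees behind it)"
            )
        if req.hostname != reg.hostname:
            diffs.append(f"host {req.hostname!r} != {reg.hostname!r}")
        if req.port != reg.port:
            diffs.append(f"port {req.port!r} != {reg.port!r}")
        if req.path != reg.path:
            if req.path.rstrip("/") == reg.path.rstrip("/"):
                diffs.append("path differs only by trailing slash")
            else:
                diffs.append(f"path {req.path!r} != {reg.path!r}")
        if not diffs:
            diffs.append("differs only in query, fragment or encoding")
        reasons.append(f"vs {candidate}: " + "; ".join(diffs))
    return reasons


if __name__ == "__main__":
    # Constructed authorize URL in the same shape as the one in the post.
    sample = (
        "https://login.microsoftonline.com/common/oauth2/authorize"
        "?client_id=00000000-0000-0000-0000-000000000000"
        "&redirect_uri=http://lms.example.org/auth/complete/azuread-oauth2/"
        "&state=abc&response_type=code&scope=openid+profile"
    )
    uri = extract_redirect_uri(sample)
    for line in explain_mismatch(uri, REGISTERED_REPLY_URLS) or ["exact match"]:
        print(line)
```

Run it against the real authorize URL copied from the browser address bar (with the redacted values restored) and compare the printed reasons with the reply URLs on the Azure app registration; if the scheme is the only difference, the proxy-termination theory is the one to chase.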