-
Notifications
You must be signed in to change notification settings - Fork 146
-
I have a temp / fake sub-domain uat-project.domain.com which I've mapped to the IP in my hosts file.
The IP is not a public IP but a private one.
My DevOps guy created SSL for it so https://uat-project.domain.com works on my laptop.
But post logging in using Active Directory login, it doesn't seem to redirect to https://uat-project.domain.com/auth/redirect
AADSTS50011: The redirect URI 'http://uat-project.domain.com/auth/redirect' specified in the request does not match the redirect URIs configured for the application 'xxxx-xxxx-xxxx-xxx-xxxx'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.
I added https://uat-project.domain.com/auth/redirect to App Registrations > ProjectName > Authentication
Why is AD trying to redirect to a http one and not an https one ?
Beta Was this translation helpful? Give feedback.
All reactions
Solved this after a long time via https://forum.djangoproject.com/t/request-scheme-is-not-honoring-https/25099/2.
On my server, the django server was running behind an NGINX acting as a proxy which was causing Django not to recognize that the server is on https.
All I had to do was this in my django's settings.py file :
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
This one-line of missing code caused a whole lot of debugging.
Replies: 4 comments 5 replies
-
We haven't tested it using httpS while running locally. But if you actually have httpS://uat-project.domain.com working on your laptop, please make sure you visit your local website using httpS rather than http, and try it again.
Specifically, the redirect URI is automatically detected by this sample in this line. You may somehow print or log the value of the redirect uri for troubleshooting.
Beta Was this translation helpful? Give feedback.
All reactions
-
This is not on localhost - but on our Azure VM which doesn't have a public IP - the private IP is mapped to the domain uat-project.domain.com in my hosts file for which SSL is configured for uat-project.domain.com - but inspite of going to httpS://uat-project.domain.com and login, it still tries to redirect to http://uat-project.domain.com/auth/redirect (not https).
Beta Was this translation helpful? Give feedback.
All reactions
-
Like I mentioned in my earlier post here, when in doubt, you can always print the output of Flask's url_for(...) in this line, and examine whether it contains httpS. If it was indeed the culprit, then you can find more hint from here.
Beta Was this translation helpful? Give feedback.
All reactions
-
I'm using it in Django 4.2.6 : D:\workspace\django\projectName\env\Lib\site-packages\ms_identity_web\django
__init__.py
adapter.py
middleware.py
msal_views_and_urls.py
Beta Was this translation helpful? Give feedback.
All reactions
-
Hmm, we do not currently have a Django sample. But I think you can simply double check what URL your web app feeds into our underlying API. For example, this was how we did it in this Flask-powered sample. You shall make sure your Django-powered app will also feed the right redirect uri (i.e., with httpS) into the underlying API.
Beta Was this translation helpful? Give feedback.
All reactions
-
But what I installed as pip install git+https://github.com/azure-samples/ms-identity-python-utilities@main - this works in Django on my localhost.
Beta Was this translation helpful? Give feedback.
All reactions
-
Azure Active Directory (AAD) expects the redirect URL to be a secure (HTTPS) URL for security reasons. If you're experiencing an AAD HTTPS redirect error, it's likely that your application configuration in Azure AD is not configured to use HTTPS.
Beta Was this translation helpful? Give feedback.
All reactions
-
I have already added https link to the redirect input
Beta Was this translation helpful? Give feedback.
All reactions
-
Solved this after a long time via https://forum.djangoproject.com/t/request-scheme-is-not-honoring-https/25099/2.
On my server, the django server was running behind an NGINX acting as a proxy which was causing Django not to recognize that the server is on https.
All I had to do was this in my django's settings.py file :
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
This one-line of missing code caused a whole lot of debugging.
Beta Was this translation helpful? Give feedback.
All reactions
-
❤️ 2