navcontainerhelper icon indicating copy to clipboard operation
navcontainerhelper copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Wrong redirect URI when using Oauth with AAD ( http instead of https )

Open ChrisChristophers opened this issue 6 months ago • 37 comments

Describe the issue The redirectURI uses http instead of https despite us using https in the script (note: our frontend.endpoint in traefik is http because we use a loadbalancer for handling https ) image but that shouldn't affect the redirection from the application , right ? when trying to connect to the container the redirectURL contains: ......&redirect_uri=http%3A%2F%2Fbctest.sw.data.com%2Fbc-test-aad%2FSignIn...... and brings this error since you can't use http in AAD: image

if i manually change http to https it works perfectly fine. why is the URL wrong though? is it overwritten in the script at some point?

Script for creating the container:

$tenantId = "xxxxxxx-ea12-1234-1234-xxxxxxxxxx" 
$applicationId = "xxxxxxx-ea90-4473-8287-xxxxxxxxxx" 
$applicationIdUri = "api://xxxxxxx-ea90-4473-8287-xxxxxxxxxx" 
$redirectUrl = "https://bctest.sw.data.com/bc-test-aad/SignIn"
 
$federationLoginEndpoint = "https://login.microsoftonline.com/$tenantId/wsfed?wa=wsignin1.0%26wtrealm=$applicationIdUri%26wreply=$redirectUrl"
$federationMetadataLocation = "https://login.microsoftonline.com/$tenantId/FederationMetadata/2007-06/FederationMetadata.xml"
 
$containerName = 'bc-test-aad'
$multitenant = $false
$BCDatabaseUser = "BcContainer"
$BCDatabasePassword = "PASSWORD"
$databaseName = "bc-test-aad"
$databaseCredential = New-Object System.Management.Automation.PSCredential -argumentList $BCDatabaseUser, (ConvertTo-SecureString -String $BCDatabasePassword -AsPlainText -Force)
$20ArtifactUrl = Get-BCArtifactUrl -country "de" -type OnPrem -select Latest ##-Version "21.4"
$partnerLicense = "C:\Install\240411.bclicense"
 
 
 
New-BCContainer `
    -accept_eula `
    -containerName $containerName `
    -multitenant:$multitenant `
    -updateHosts `
    -artifactUrl $20ArtifactUrl `
    -memoryLimit 10G `
    -EnableTaskScheduler:$false `
    -licenseFile $partnerLicense `
    -Credential $databaseCredential `
    -databaseServer 'host.containerhelper.internal' `
    -databaseInstance '' `
    -databaseName $databaseName `
    -databaseCredential $databaseCredential `
    -accept_outdated `
    -useTraefik `
    -PublicDnsName 'bctest.sw.data.com' `
    -shortcuts None `
    -alwaysPull `
	-useSSL `
    -auth AAD `
    -AadAppId $applicationId `
    -AadAppIdUri $applicationIdUri `
    -authenticationEMail "[email protected]" `
    -additionalParameters @(
        "-v C:\Install:C:\Install"
        "--env appIdUri=$applicationIdUri",
        "--env federationLoginEndpoint=$federationLoginEndpoint",
        "--env federationMetadata=$federationMetadataLocation",
        "--env [email protected]"
        )

BCContainerhelper version 6.0.19

ChrisChristophers avatar Aug 16 '24 05:08 ChrisChristophers