Nameless-Devs / echoboard

EchoBoard aims to bridge the gap between employees and upper management by providing a platform for employees to voice their concerns, propose solutions, and collaborate on addressing issues that impact the organisation.
https://app.echoboard.site/home
MIT License

fixed invalid credentials #162

Closed dIB59 closed 1 year ago

dIB59 commented 1 year ago

The issue was that our backend had a load balancer.

The authentication begins when the user is redirected from the Relying Party (RP) to the OP (OpenID Provider). The OP then authenticates the user and redirects the user back to the RP with an authorization code. The problem that I was experiencing was that the OP was sending the user back to the server IP in the redirect_uri. However, the server IP is not the same as the RP address. This is because the reverse proxy is the one that is receiving the incoming requests.

As a result, when the user is redirected back to the server IP, the server does not know where the OIDC authentication was initiated. This is because the server does not have the session cookie that was set by the RP. Hence we got an authorization_request_not_found error.

Ibrahim Iqbal — 03/10/2023 15:44

To fix this problem I just added the following 2 lines in my application.yml:

```yaml
server:
  forward-headers-strategy: native
```
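The failure described in the comment above, as an added example that is not part of the original comment or the project's code: a simplified Python model of how an RP behind a load balancer derives its redirect_uri, and why the session cookie only comes back when forwarded headers are honored. The addresses, host names, callback path and the trusted-proxy subnet check are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# All addresses, host names and paths below are constructed for illustration.
TRUSTED_PROXIES = [ip_network("10.0.0.0/24")]  # assumption: load balancer subnet
CALLBACK_PATH = "/login/oauth2/code/oidc"      # assumption: RP callback path
PUBLIC_ORIGIN = "https://app.example.test"     # where the browser started the login


@dataclass
class Request:
    peer_ip: str   # TCP peer as seen by the backend
    scheme: str    # scheme of the connection that reached the backend
    host: str      # Host header as received by the backend
    headers: dict = field(default_factory=dict)


def redirect_uri(req, honor_forwarded):
    """Build the redirect_uri the RP would send to the OP for this request."""
    scheme, host = req.scheme, req.host
    from_proxy = any(ip_address(req.peer_ip) in net for net in TRUSTED_PROXIES)
    # X-Forwarded-* is client-controlled unless it comes from our own proxy.
    if honor_forwarded and from_proxy:
        scheme = req.headers.get("X-Forwarded-Proto", scheme)
        host = req.headers.get("X-Forwarded-Host", host)
    return f"{scheme}://{host}{CALLBACK_PATH}"


def session_cookie_sent(login_origin, callback_uri):
    """A host-only session cookie goes back only to the host that set it."""
    return urlsplit(login_origin).hostname == urlsplit(callback_uri).hostname


# Request relayed by the load balancer, carrying the public scheme and host.
VIA_LB = Request("10.0.0.5", "http", "10.0.1.20:8080",
                 {"X-Forwarded-Proto": "https", "X-Forwarded-Host": "app.example.test"})
# Request that reached the backend directly with a self-supplied forwarded host.
DIRECT = Request("203.0.113.9", "http", "10.0.1.20:8080",
                 {"X-Forwarded-Host": "other.example.test"})

if __name__ == "__main__":
    for label, req, honor in [("headers ignored", VIA_LB, False),
                              ("headers honored", VIA_LB, True),
                              ("untrusted peer", DIRECT, True)]:
        uri = redirect_uri(req, honor)
        print(f"{label:16} {uri}  cookie returned: {session_cookie_sent(PUBLIC_ORIGIN, uri)}")
```

The third case is the check to keep in mind when enabling forwarded-header handling: the headers should only be believed when the request arrives from the proxy, and the backend should not be reachable around it.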