snok / django-auth-adfs

A Django authentication backend for Microsoft ADFS and AzureAD
http://django-auth-adfs.readthedocs.io/
BSD 2-Clause "Simplified" License

Http instead Https (AADSTS50011) #243

Closed zfmbek3 closed 2 years ago

zfmbek3 commented 2 years ago

Hi, I use django_auth_adfs Azure AD for Django authentication.

On my local server, authentication works fine.

But when I deploy my app to Azure App Service, I cannot log in successfully.

AADSTS50011: The redirect URI 'http://myapp.azurewebsites.net/oauth2/callback' specified in the request does not match the redirect URIs configured for the application ....

But my redirect URL is https://myapp.azurewebsites.net/oauth2/callback (HTTPS, not HTTP).

I looked into the code of django_auth_adfs and found that the code responsible for the redirect_uri parameter is:

```python
# django_auth_adfs/config.py
def redirect_uri(self, request):
    self.load_config()
    return request.build_absolute_uri(reverse("django_auth_adfs:callback"))
```

Hence request.build_absolute_uri(reverse("django_auth_adfs:callback")) returns http://myapp.azurewebsites.net/oauth2/callback

I do not understand why it is HTTP and not HTTPS.

What can I do? Is there any workaround to get the correct absolute_uri with HTTPS?

zfmbek3 commented 2 years ago

I solved the problem. On Azure, your application is running behind a proxy, if I understood correctly.

I added the following to settings.py:

```python
USE_X_FORWARDED_HOST = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
```

Now it works correctly.
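
Added example, not part of the original thread and not code from django-auth-adfs or Django: a simplified standard-library model of how the scheme and host behind `request.build_absolute_uri()` are chosen, showing why the redirect URI came out as `http://` behind a TLS-terminating proxy and what the two settings change. The function names and the sample WSGI environs are constructed for illustration.

```python
# Simplified model (not Django's source) of how the scheme and host that feed
# request.build_absolute_uri() are derived from the WSGI environ and settings.

def scheme(environ, settings):
    """Return 'https' or 'http' as the request would be classified."""
    pair = settings.get("SECURE_PROXY_SSL_HEADER")
    if pair:
        header, secure_value = pair
        value = environ.get(header)
        if value is not None:
            # Only the first value of a comma-separated header is compared.
            first = value.split(",", 1)[0].strip()
            return "https" if first == secure_value else "http"
    # Without the setting, only the proxy-to-app hop is visible.
    return environ.get("wsgi.url_scheme", "http")


def host(environ, settings):
    """Return the host, preferring X-Forwarded-Host only when enabled."""
    if settings.get("USE_X_FORWARDED_HOST") and "HTTP_X_FORWARDED_HOST" in environ:
        return environ["HTTP_X_FORWARDED_HOST"]
    return environ.get("HTTP_HOST", environ.get("SERVER_NAME", ""))


def redirect_uri(environ, settings, path="/oauth2/callback"):
    return f"{scheme(environ, settings)}://{host(environ, settings)}{path}"


# Constructed sample: what the app sees when a proxy terminates TLS and
# forwards plain HTTP with X-Forwarded-* headers.
BEHIND_PROXY = {
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "myapp.azurewebsites.net",
    "HTTP_X_FORWARDED_PROTO": "https",
    "HTTP_X_FORWARDED_HOST": "myapp.azurewebsites.net",
}
# Constructed sample: a plain-HTTP request that did not pass through the proxy
# but carries the header anyway; nothing has overwritten it.
DIRECT_WITH_HEADER = {"wsgi.url_scheme": "http",
                      "HTTP_HOST": "myapp.azurewebsites.net",
                      "HTTP_X_FORWARDED_PROTO": "https"}

DEFAULTS = {}  # settings as in the failing deployment
FIXED = {"USE_X_FORWARDED_HOST": True,
         "SECURE_PROXY_SSL_HEADER": ("HTTP_X_FORWARDED_PROTO", "https")}

if __name__ == "__main__":
    print(redirect_uri(BEHIND_PROXY, DEFAULTS))   # scheme taken from the inner hop
    print(redirect_uri(BEHIND_PROXY, FIXED))      # scheme taken from the proxy header
    print(scheme(DIRECT_WITH_HEADER, FIXED))      # header is trusted as-is
```

The last case is why these settings belong only in deployments where the proxy always sets or strips `X-Forwarded-Proto` and `X-Forwarded-Host` and the app cannot be reached directly; `ALLOWED_HOSTS` should also be restricted to the real hostname.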