I created a Java web application using the Spring Boot starter for Azure Active Directory, step by step as described in: https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory
My application works fine with my Azure account: when I open localhost:8080 it redirects me to Azure, where I do the login, and then I’m redirected back to my app.
The problem is when I try to configure this dummy app with the Azure AD account of my customer. Here too, when I open my app host, the app redirects me to the Azure login, and after login I get an error like in the screenshot
and here is my application.properties
# Azure AD starter settings (values replaced by placeholders)
azure.activedirectory.tenant-id=placeholder
azure.activedirectory.client-id=placeholder
azure.activedirectory.client-secret=placeholder
azure.activedirectory.object-id=placeholder
azure.activedirectory.user-group.allowed-groups=group1
azure.activedirectory.session-stateless=true
security.oauth2.authorization.token-key-access=permitAll()
# Thymeleaf templates
spring.thymeleaf.prefix=classpath:/templates/
spring.thymeleaf.suffix=.html
# Application-specific settings
application.baseurl.logout.redirect=https://mydomain:8081/
application.groups.for.displaying=
application.groups.for.filtering=
# Server and TLS settings
server.port=8081
server.ssl.enabled=true
server.ssl.trust-store=/apps/tomcat/conf/trusted.jks
server.ssl.trust-store-password=mykeys
server.ssl.key-store=/apps/tomcat/conf/.keystore
server.ssl.key-store-password=f213495a0be855c4ab190a1f84cc18cd
server.ssl.key-store-type=JKS
server.ssl.key-alias=key-dev-ui
server.ssl.key-password=f213495a0be855c4ab190a1f84cc18cd
my configuration:
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors()
        .and()
        .csrf().disable()                 // removes the CsrfConfigurer ...
        .authorizeRequests()
            .anyRequest().authenticated() // every request needs an authenticated user
        .and()
        .oauth2Login()                    // OIDC login via the Azure AD client registration
        .and()
        .csrf()                           // ... but this call registers a fresh CsrfConfigurer,
                                          // so CSRF protection ends up enabled with the cookie repository below
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .and()
        .oauth2Client();
}
Answer
Please check the points below:
- The issue may arise when the issuer value obtained from the token is from a different endpoint (v2) than expected. Please make sure to use the latest version of the Spring Boot API and check that it is in the dependencies.
- You need to set the redirect URL as http://localhost:8080/login/oauth2/code/azure or http://localhost:8080/login/oauth2/code/ in the portal. You can configure another value according to your app in place of localhost:8080. This redirect URI must be configured in your application properties.
- Make sure to expose the API and make sure the permissions are also configured and granted admin consent.
- Give the default scope (make sure to add the scope in code) or directly give the scopes present in the app (check in the app code), such as User.read, file.read or offline_access, and provide delegated permissions in the portal like below (if those are present in the code).
(or)
Also see the Spring Boot starter dev guide | MS docs and please check the references below.
You may provide other configuration details by editing the question, if the above are not the causes, to investigate further.
References:
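The first two points of the answer can be checked offline before touching the portal again. The following Python script is an added example, not code from the question, the answer or the Azure starter: it decodes the payload of an ID token without verifying it (for diagnosis only), classifies the `iss` claim as the Azure AD v1 issuer (`https://sts.windows.net/{tenant}/`) or v2 issuer (`https://login.microsoftonline.com/{tenant}/v2.0`) for the expected tenant, and compares the redirect URI the app sends with the URIs registered in the portal. The tenant id, the token and the registered URIs are constructed sample data; the redirect comparison assumes Azure AD's exact-match rule (scheme and host case-insensitive, path, port and trailing slash compared exactly), and the `/login/oauth2/code/azure` path is the one named in the answer.

```python
# Added diagnostic example (not part of the question or the answer).
# Checks the two failure modes listed first in the answer: an ID token whose
# issuer comes from a different Azure AD endpoint version than the app expects,
# and a redirect URI that is not registered exactly as the app sends it.
import base64
import json
from urllib.parse import urlsplit

# Issuer formats of the two Azure AD endpoint versions.
ISSUERS = {
    "v1": "https://sts.windows.net/{tenant}/",
    "v2": "https://login.microsoftonline.com/{tenant}/v2.0",
}


def decode_jwt_payload(token: str) -> dict:
    """Return the payload of a compact JWS as a dict.
    No signature verification: the claims are only used to explain a login
    failure, never to grant access."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def classify_issuer(iss: str, tenant_id: str) -> str:
    """'v1', 'v2', or 'unexpected' (another tenant or a non-Azure issuer)."""
    for version, template in ISSUERS.items():
        if iss == template.format(tenant=tenant_id):
            return version
    return "unexpected"


def check_issuer(token: str, tenant_id: str, expected_version: str) -> tuple:
    """(ok, explanation): does the token's issuer match the endpoint version
    the app validates against?"""
    iss = decode_jwt_payload(token).get("iss", "")
    got = classify_issuer(iss, tenant_id)
    if got == expected_version:
        return True, f"issuer {iss} is the {expected_version} endpoint for tenant {tenant_id}"
    return False, (f"issuer {iss!r} is {got}; the app expects "
                   f"{ISSUERS[expected_version].format(tenant=tenant_id)}")


def normalize_redirect(uri: str) -> str:
    """Lower-case scheme and host (case-insensitive per RFC 3986); keep path,
    explicit port, query and any trailing slash exactly as given, mirroring the
    exact-match rule assumed for registered redirect URIs."""
    u = urlsplit(uri)
    port = f":{u.port}" if u.port else ""
    query = f"?{u.query}" if u.query else ""
    return f"{u.scheme}://{u.hostname or ''}{port}{u.path}{query}"


def check_redirect(sent: str, registered: list) -> tuple:
    """(ok, explanation): is the redirect URI the app sends registered?"""
    wanted = normalize_redirect(sent)
    for candidate in registered:
        if normalize_redirect(candidate) == wanted:
            return True, f"{sent} is registered"
    return False, f"{sent} is not registered; portal has {registered}"


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample data: an invented tenant id and a v2-endpoint ID token
# with a dummy signature (the script never verifies it).
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": ISSUERS["v2"].format(tenant=SAMPLE_TENANT), "ver": "2.0", "aud": "placeholder"}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    # An app validating against the v1 issuer receives this v2 token: the first
    # failure mode in the answer.
    print(check_issuer(SAMPLE_TOKEN, SAMPLE_TENANT, "v1")[1])
    print(check_issuer(SAMPLE_TOKEN, SAMPLE_TENANT, "v2")[1])
    # Redirect URI sent by the starter versus the portal entries (constructed).
    registered = ["https://mydomain:8081/login/oauth2/code/azure",
                  "http://localhost:8080/login/oauth2/code/azure"]
    print(check_redirect("https://mydomain:8081/login/oauth2/code/azure", registered)[1])
    print(check_redirect("https://mydomain:8081/login/oauth2/code/azure/", registered)[1])  # trailing slash
```

Run the script against a real ID token captured from the failing login (for example from the error page or the browser's network tab) with the customer's tenant id; a result of `unexpected` points at a wrong tenant id rather than an endpoint-version mismatch. The `ver` claim in the payload (`"1.0"` or `"2.0"`) gives the same information as the issuer form and is a quick cross-check.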