
Azure active directory dynamic reply url

I'm in the following situation: I have a Node.js application that uses the Azure Active Directory authentication system through the passport-azure-ad module.

At the moment my reply URL, the URL that I registered on my portal and that I have set as redirectUrl in my passport strategy configuration, is https://localhost:3000/microsoft/auth. Everything works when I go through the authentication process from the machine that runs the server, but obviously fails from any other device after I sign in with my Microsoft account and https://localhost:3000/microsoft/auth gets returned (to be more precise, the authentication goes well but the returned page doesn't load for obvious reasons).

If I change the redirectUrl in my passport strategy (I'm using OIDCStrategy) configuration to where the server is running, e.g. https://machine.that.runs.the.server:3000/microsoft/auth, without first registering the URL on the Azure portal, I get an error related to the reply/redirect URL mismatching when I try to authenticate.

The reason why I don't want to register https://machine.that.runs.the.server:3000/microsoft/auth on the portal is because I would like to be able to run the server from any machine and have any other machine connect to it and be correctly redirected after the authentication process, or at least any machine in my office's internal network.

So what I'm asking is whether there is a way to either remove the reply/redirect URL check or to have some kind of dynamic redirectUrl option where I can set the reply URL in my request. If neither of those two can be done, I would like to know if there is a way to register a reply URL from the portal that works for all the machines in my network, like 10.3.144.x:3000/microsoft/auth.

Thanks in advance.

The wildcard approach could stop working anytime from now, since it's not available in the new version of the "App Registrations" part of the Azure Portal.

Jon commented about it below.
Another resource: https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Azure-AD-App-with-wild-card-reply-urls/mp/305955/highlight/true#M2434

Which points to a SO thread providing insight on how to avoid using wildcards: Why is Redirect URL Fully Qualified in Azure AD B2C?

Have you tried the wildcard approach described here? https://paulryan.com.au/2016/azure-ad-app-wildcard-reply-url/

It would mean declaring https://*/microsoft/auth (or https://*:3000/microsoft/auth, I'm not sure) in your Azure portal. I can confirm wildcards work in reply URLs: I use them.
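Since wildcard reply URLs are no longer accepted, the alternative the linked thread points at is to register one exact reply URL per machine and pick the right one at request time. The helper below is an added example, not code from the question, the answer or the passport-azure-ad project; it assumes a constructed allowlist of registered reply URLs and Node's global `URL` class, and it accepts only an exact scheme, host, port and path match, so a forged Host header cannot steer the authorization response to an unregistered address.

```javascript
// Added example: choose the reply URL for the current request from an explicit
// allowlist of URLs registered in the Azure portal, instead of a wildcard.

// Assumption: these are the reply URLs registered for the app, one per machine
// that may run the server (constructed sample values).
const REGISTERED_REPLY_URLS = [
  'https://localhost:3000/microsoft/auth',
  'https://dev-box-01.office.example:3000/microsoft/auth',
  'https://10.3.144.25:3000/microsoft/auth',
];

// Canonical form used for comparison: origin (scheme, lowercased host, port)
// plus the normalized path. Query strings and fragments are dropped on purpose.
function normalize(u) {
  const url = new URL(u);
  return `${url.origin}${url.pathname}`;
}

// Returns the registered reply URL that matches the Host the client used for
// the given callback path, or null when there is no exact match. `hostHeader`
// is the incoming request's Host header; `pathname` is the callback route.
function selectReplyUrl(hostHeader, pathname, registered = REGISTERED_REPLY_URLS) {
  let candidate;
  try {
    // Userinfo ("a@b"), dot segments and malformed hosts are all handled by the
    // URL parser: they either change the origin/path (and so fail the match)
    // or throw, which is treated as "no match".
    candidate = normalize(`https://${hostHeader}${pathname}`);
  } catch (e) {
    return null;
  }
  const allowed = new Set(registered.map(normalize));
  return allowed.has(candidate) ? candidate : null;
}
```

In the Express route that starts sign-in, a null result should end the request with a 400 rather than falling back to a Host-derived value, so the redirectUrl handed to the strategy is always one the portal already knows.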
