I have a Spring Boot application in which I have integrated Azure AD authentication. The authorization URL does not redirect to the home page but keeps giving 401 Unauthorized.

Below is application.properties:

    ssoServiceUrl=https://login.microsoftonline.com/xxxxx
    spring.security.oauth2.client.registration.azure.client-authentication-method=post
    security.oauth2.client.client-id=xxxxxxx
    security.oauth2.client.client-secret=xxxxxxx
    security.oauth2.client.scope=openid https://graph.microsoft.com/user.read
    security.oauth2.client.authentication-scheme=header
    security.oauth2.client.client-authentication-scheme=form
    security.oauth2.issuer=https://login.microsoftonline.com/xxxxxx/v2.0
    security.oauth2.client.access-token-uri=${ssoServiceUrl}/oauth2/v2.0/token
    security.oauth2.client.user-authorization-uri=${ssoServiceUrl}/oauth2/v2.0/authorize
    security.oauth2.resource.user-info-uri=https://graph.microsoft.com/oidc/userinfo

Below are the dependencies in pom.xml:

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter</artifactId>
        <version>2.2.6.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security.oauth.boot</groupId>
        <artifactId>spring-security-oauth2-autoconfigure</artifactId>
        <version>2.2.6.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

The app configuration is as follows:

    public void configure(HttpSecurity http) throws Exception {
        // Require authentication for every request except the error pages
        http.antMatcher("/**")
                .authorizeRequests()
                .antMatchers("/error**")
                    .permitAll()
                .anyRequest()
                    .authenticated()
                .and()
                    // On logout, clear the local session, then sign out of Azure AD
                    .logout()
                        .deleteCookies()
                        .invalidateHttpSession(true)
                        .clearAuthentication(true)
                        .logoutSuccessUrl("https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=http%3A%2F%2Flocalhost%3A8080");
    }

I followed this post and added spring.security.oauth2.client.registration.azure.client-authentication-method=post, but that does not work. I also changed the Spring Boot starter dependency versions, but that does not help either.

I also followed this and changed the Azure endpoints from v2 to v1, but that does not work either. This is working fine on localhost. I am not able to collect any logs, as this is happening after deployment to the ECS service and it errors out without touching application code.

shagufta syed

1 Answer

Could you please try our latest version of azure-spring-boot-starter-active-directory? It works with spring-boot 2.4.5.

chenrujun
  • When I integrate this sample, after the authorization code is received, it takes me to the login?error page saying "invalid credentials". – shagufta syed Jun 01 '21 at 06:38
  • Hello, my issue was https://stackoverflow.com/questions/18836427/how-can-i-make-spring-security-oauth2-work-with-load-balancer. I had to enable sticky sessions on the ECS Application Load Balancer, and then it worked. Thanks! – shagufta syed Jun 01 '21 at 08:52
  • Hi, shagufta syed, could you please create an issue in the GitHub repo? https://github.com/Azure/azure-sdk-for-java/issues – chenrujun Jun 06 '21 at 08:27
  • Hello, @JameChen, the issue was not related to code. It was related to Application Load Balancer. – shagufta syed Jun 08 '21 at 07:15
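
The load-balancer failure described in the last comments, as an added example that is not code from the question or from any Azure or Spring library: a small model of the authorization-code round trip across two instances, showing why the callback is rejected with 401 without session affinity and accepted with it. The class and method names and the session ID are hypothetical, and the model assumes each instance keeps the pending `state` value in its own in-memory session store.

```java
import java.util.*;

// Added illustration: OAuth2 authorization-code round trip across two app
// instances behind a load balancer. All names here are hypothetical.
public class StickySessionDemo {

    // One application instance with its own in-memory HTTP session store.
    static class Instance {
        final Map<String, String> stateBySession = new HashMap<>();

        // Step 1: the user requests a protected page; the app saves a random
        // `state` in the session, then redirects to the authorization endpoint.
        String beginLogin(String sessionId) {
            String state = UUID.randomUUID().toString();
            stateBySession.put(sessionId, state);
            return state;
        }

        // Step 2: the identity provider redirects back with code + state.
        // The callback is accepted only if this instance holds the saved state;
        // rejecting an unknown state is the CSRF check working as designed.
        int handleCallback(String sessionId, String returnedState) {
            String saved = stateBySession.remove(sessionId);
            return returnedState.equals(saved) ? 200 : 401;
        }
    }

    // Sends one login through the balancer and returns the callback status.
    static int login(boolean sticky) {
        List<Instance> pool = List.of(new Instance(), new Instance());
        String sessionId = "JSESSIONID-constructed";   // constructed sample value
        int next = 0;                                   // round-robin cursor
        Map<String, Integer> affinity = new HashMap<>();

        int first = next++ % pool.size();
        if (sticky) affinity.put(sessionId, first);     // balancer pins the client
        String state = pool.get(first).beginLogin(sessionId);

        // The redirect back from the identity provider is a new request,
        // so the balancer picks a target again.
        int second = sticky ? affinity.get(sessionId) : next++ % pool.size();
        return pool.get(second).handleCallback(sessionId, state);
    }

    public static void main(String[] args) {
        System.out.println("round-robin callback status: " + login(false));
        System.out.println("sticky callback status:      " + login(true));
    }
}
```

This also matches the symptom in the question: on localhost there is a single instance, so the callback always reaches the session that started the login.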