Hello,
I'm trying to use the OIDC protocol for linshare authentication with Azure AD.
I registered my linshare app on azure portal (customizing secret, getting issuer uri...)
I configured linshare properties to use OIDC, and the SSO button is well displayed on login screen.
However, I have an issue with Azure AD response when authenticating.
I am well redirected on microsoft login screen (I have to accept some functionalities in order to use it), but the redirection through location header from microsoft removes fragment part (#/oidc/callback), so I am back on the login screen (with query parameters ?code=...&state=...&session_state=...) but nothing happens because we are not on the oidc route on front-end.
I tried for testing purposes to add the fragment part on the uri (#/oidc/callback), the front mechanism handles query parameters but I now get an error from microsoft: AADSTS500112: The reply address 'http://localhost:20082/new/#/oidc/callback' does not match the reply address 'http://localhost:20082/new/' provided when requesting Authorization code.
I assume that, again, the fragment part was skipped on the initial oidc request, and moreover there was indeed no oidc/callback in the uri but #/login.
For information, I also tried the linshare-ui-user project but it is worse, because angular (instead of vue in linshare-ui-admin) uses an exclamation mark in the uri (#!/oidc/callback) and the azure portal to register redirection uri does not accept this uri because it is not valid.
According to the microsoft azure documentation, only MSAL.js (https://github.com/AzureAD/microsoft-authentication-library-for-js) is supported for Azure open id connect. I don't know if the oidc-client library used could do the job and only few adaptations are required to handle properly OIDC response or if redesign would be necessary.
If anyone has successfully openid connect authentication on azure ad, please let me know ;)
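The redirect behaviour described in the post, as an added example that is not part of the original post and not LinShare or Microsoft code: it checks a redirect URI for a fragment (RFC 6749 section 3.1.2 forbids one), compares the URIs sent in the authorization and token requests, and rebuilds a hash route from a fragment-less landing URL. The function names, the sample `code`/`state` values and the assumption that the callback route reads parameters placed after the hash route are all constructed for illustration.

```javascript
// Added example; URIs come from the post, parameter values are constructed.

// RFC 6749 section 3.1.2: a redirection URI must be absolute and must not
// contain a fragment. Returns a list of problems (empty when acceptable).
function checkRedirectUri(uri) {
  let parsed;
  try {
    parsed = new URL(uri);
  } catch (e) {
    return ['not an absolute URI'];
  }
  const problems = [];
  if (uri.includes('#')) {
    problems.push('contains a fragment: ' + (parsed.hash || '#'));
  }
  return problems;
}

// RFC 6749 section 4.1.3: the redirect_uri in the token request must be
// identical to the one in the authorization request (exact string match).
function sameRedirectUri(authRequestUri, tokenRequestUri) {
  return authRequestUri === tokenRequestUri;
}

// Hypothetical helper: given the URL the browser lands on after login
// (response parameters in the query, no fragment), build the hash-route URL
// a single-page app with hash routing expects, keeping the parameters.
// Returns null when the URL is not an authorization response.
function toHashCallback(landingUrl, route) {
  const url = new URL(landingUrl);
  if (!url.searchParams.has('code') || !url.searchParams.has('state')) {
    return null;
  }
  const query = url.search;   // e.g. "?code=...&state=..."
  url.search = '';            // remove the query from the base URL
  url.hash = route + query;   // move it behind the hash route
  return url.toString();
}

// Constructed sample run using the addresses quoted in the post.
const registered = 'http://localhost:20082/new/';
const withFragment = 'http://localhost:20082/new/#/oidc/callback';
console.log(checkRedirectUri(withFragment));
console.log(sameRedirectUri(registered, withFragment));
console.log(toHashCallback(registered + '?code=abc&state=xyz', '/oidc/callback'));
```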