HAProxy - Redirect HTTPS for OAuth (Azure)

Question

I need help to solve my issue.

What I want to achieve is

http://abc.contoso.com -> https://abc.contoso.com (Force redirection HTTP to HTTPS)

My problem is that the URI needed for Azure OAuth 2.0 authorization endpoint doesn’t match.

The accepted URI as destination when returning authentication responses (tokens) after successfully authenticating users must be: https://abc.contoso.com/signin-oidc

But HAProxy sends the HTTP form as below:

https://login.microsoftonline.com/bdeebc-dd/oauth2/authorize?client_id=fd&redirect_uri=http%3A%2F%2Fabc.contoso.com%2Fsignin-oidc&response_type=id_token&scope=openid profile&response_mode=form_post

What should I do to have the HTTPS form (redirect_uri=https%3A%2F%2Fabc.contoso.com%2Fsignin-oidc) instead of HTTP for OAuth ?

My config is

Front-end

frontend public_front_end
bind *:80
mode http
option forwardfor
redirect scheme https code 301 if !{ ssl_fc }

frontend public_secured_front_end
bind *:443 ssl crt /etc/haproxy/certs

Back-end

use_backend abc-api if { hdr(host) -i abc.contoso.com }

backend abc-api

mode http

http-request add-header X-Forwarded-Proto https

server webserver01 192.168.0.1:4569 check

option forwardfor

Thanks

Answer 1

You need to update the Azure AD application you have setup to do this authentication to add a reply URL for the https endpoint.