1

I have a Java Web App which is integrated with Azure AD. Now when I run the app locally, everything works fine.

But When I deploy the WAR file to the Azure App Service, the authentication redirection seems to be going in an infinite loop.

The application is running in loop between login.microsoftonline.com and mysite.azurewebsites.net.

I have read in blog posts that this happens with OWIN cooke in .Net , but not sure if this is case with Java as well.

All the traffic is through HTTPS only, but still the issue exists.

Is there any setting in Azure Portal to overcome this ?

AhmedVali
  • 185
  • 2
  • 16

1 Answers1

1

Owin middleware is only available for .NET, so yes, we cannot fault that.

The redirect would be triggering from the portion of your code that evaluates a condition like 401 Unauthorized and constructs an authentication Url and redirects the user to that.

I'd suggest you enable as much diagnostics as possible and look into logs to..

  1. Azure AD is sending the tokens in response as expected and not an error
  2. The code acceptig/parsing these tokens is working correctly
Kalyan Krishna
  • 1,616
  • 15
  • 19
  • Hi Krishna, The app is working fine when i deploy and test it locally in Tomcat. The redirection loop occurs only when I deploy this app to an App Service and access the application. I have enabled the Diagnostic logs from Azure Portal, but didnt find any error message. When I checked the network log from Chrome Dev Tools, I can see the cookies and access Token. – AhmedVali Mar 03 '19 at 12:41
  • Did disable the App service's own auth setup? – Kalyan Krishna Mar 04 '19 at 05:23
  • Hi Krishna, The App Service's own Auth was disabled. I have disabled the Always HTTPS setting from SSL Settings of the service and it is working now. Not still sure why the HTTP-->HTTPS redirection was causing the problem. – AhmedVali Mar 05 '19 at 14:33
  • check if your site, its redirect urls have http or https or both? Strongly advised to keep/use https everywhere – Kalyan Krishna Mar 06 '19 at 04:50
  • 1
    Hi Krishna. Thank you for taking the time to reply. The redirect URL is constructed using request.getRequestUrl() and this always returns HTTP url irrespective of the protocol and I have configured both http and https urls as the Redirect URLS in app settings. – AhmedVali Mar 06 '19 at 05:22