
Azure AD authentication behind a reverse proxy #1465

Closed
TheBSGamer opened this issue Jan 6, 2025 · 2 comments

Comments

@TheBSGamer

TheBSGamer commented Jan 6, 2025

Question

Hey there. I'm trying to use Caddy alongside a Pode web server with Azure AD authentication and I'm having some issues with the callback. No matter what I seem to do, it keeps trying to redirect to localhost within the callback in Azure AD, but if I use the reverse proxy URL as outlined in #906, I get an error from Microsoft's sign-in page that the redirect URI http://localhost:8080/oauth2/callback doesn't match. If I set the -RedirectUrl parameter, that does seem to redirect to https://example.com/oauth2/callback, but I have no idea how to configure that callback route. I'm assuming I need to create one because it's now considered a 'custom' route, but I'm just not sure how to configure that route. Do I use Add-PodeRoute? What do I put in there to configure it? Here's some example code of what my current setup looks like. It's almost exactly the same as the default documented setup for Azure AD. I'm sure it's something simple I'm missing, but I'm not sure where to go from here. Thanks in advance!

Pode server file:

```powershell
Start-PodeServer -EnablePool @("Tasks","Schedules") -Threads 4 -ScriptBlock {
    # Pode listens on plain HTTP; Caddy terminates TLS in front of it
    Add-PodeEndpoint -Address * -Port 8080 -Protocol Http

    # Sessions are needed so the OAuth2 state survives the redirect to Microsoft
    Enable-PodeSessionMiddleware -Duration 900 -Extend
    $scheme = New-PodeAuthAzureADScheme -RedirectUrl "https://example.com/oauth2/callback" -ClientID '****' -ClientSecret '****' -Tenant '****'

    $scheme | Add-PodeAuth -Name 'Login' -FailureUrl '/login' -SuccessUrl '/' -SuccessUseOrigin -ScriptBlock {
        return @{ User = $args[0] }
    }

    # Do I need to provide `-Authentication 'Login'` here?
    # (-Path is mandatory for Add-PodeRoute; '/' is filled in here only so the block parses)
    Add-PodeRoute -Method Get -Path '/' -ScriptBlock {
        # ...
    }
}
```

Caddyfile:

```caddyfile
example.com {
    reverse_proxy localhost:8080
    tls cert.pem key.key
}
```
@TheBSGamer (Author)

Forgot to mention this, but if I use -Hostname example.com instead of using -RedirectUrl "https://example.com/oauth2/callback" it now says that the redirect URL is http://example.com:8080/auth2/callback instead of the anticipated https://example.com/oauth2/callback.

@TheBSGamer (Author)

Okay, I got it working!

If I use `-RedirectUrl "https://example.com/oauth2/callback"` and then create a route with `Add-PodeRoute -Authentication Login -Method Get -Path "/oauth2/callback"`, it works! Not sure if that's the way you're supposed to do it, but it works for me.
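The working setup from the comment above, assembled into one complete server file as an added example (this is not code from the issue or from the Pode project); example.com, port 8080, binding to loopback and the placeholder Azure AD values are assumptions. The absolute redirect URL has to be the public URL the browser reaches through the proxy and has to match a redirect URI registered on the Azure AD app registration exactly, and because it is absolute the callback route is declared explicitly.

```powershell
# Added example, not the issue author's or Pode's own code. Assumed values:
# example.com, port 8080 and the '<...>' Azure AD placeholders.
Start-PodeServer -Threads 4 -ScriptBlock {
    # Pode serves plain HTTP on loopback only; Caddy terminates TLS and proxies
    # to it, so the unencrypted port is never exposed beyond the host (assumption).
    Add-PodeEndpoint -Address 127.0.0.1 -Port 8080 -Protocol Http

    # Sessions carry the OAuth2 state across the round trip to Microsoft.
    Enable-PodeSessionMiddleware -Duration 900 -Extend

    # The redirect URL is the *public* URL behind the proxy and must match, character
    # for character, a redirect URI registered on the Azure AD app registration.
    $scheme = New-PodeAuthAzureADScheme `
        -Tenant '<tenant-id>' `
        -ClientId '<client-id>' `
        -ClientSecret '<client-secret>' `
        -RedirectUrl 'https://example.com/oauth2/callback'

    $scheme | Add-PodeAuth -Name 'Login' -FailureUrl '/login' -SuccessUrl '/' -SuccessUseOrigin -ScriptBlock {
        param($user)
        # Keep only what later routes need in the session; tokens stay out unless required.
        return @{ User = $user }
    }

    # Starts the OAuth2 flow: an unauthenticated visitor is sent to Microsoft's sign-in page.
    Add-PodeRoute -Method Get -Path '/login' -Authentication 'Login' -Login

    # The callback Microsoft redirects to. With an absolute -RedirectUrl this route is
    # not created automatically, so it is declared here; the 'Login' authentication
    # middleware consumes the authorisation code, creates the session and then
    # redirects to -SuccessUrl. No script block is needed.
    Add-PodeRoute -Method Get -Path '/oauth2/callback' -Authentication 'Login'

    # Ends the session and returns the user to -FailureUrl.
    Add-PodeRoute -Method Get -Path '/logout' -Authentication 'Login' -Logout

    # A protected page: reaching it without a valid session redirects to /login.
    Add-PodeRoute -Method Get -Path '/' -Authentication 'Login' -ScriptBlock {
        Write-PodeJsonResponse -Value @{ User = $WebEvent.Auth.User }
    }
}
```

With the Caddyfile from the issue in front of it, the browser only ever sees https://example.com, and the URI Pode sends to Azure AD is the one registered there rather than the internal http://localhost:8080 endpoint.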
