Azure B2C OpenID authentication loop

#1

Hello,

I’m trying to authenticate via Azure B2C. Everything works fine until the request is forwarded to the org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider.
When this event occurs, shinyproxy repeats the same query forever.

My Logfile:

Checking match of request : '/login/oauth2/code/shinyproxy'; against '/login/oauth2/code/*'
Request is to process authentication
Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
...

My application.yml:

proxy: 
   authentication: openid
   server:
    useForwardHeaders: true  
   openid:
    auth-url: https://xxxx.b2clogin.com/xxx.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_xxx
    token-url: https://xxx.b2clogin.com/xxx.onmicrosoft.com/oauth2/v2.0/token?p=b2c_xxx
    jwks-url: https://xxx.b2clogin.com/xxx.onmicrosoft.com/discovery/v2.0/keys?p=b2c_xxx
    logout-url: https://xxx.b2clogin.com/xxx.onmicrosoft.com/oauth2/v2.0/logout?p=b2c_xxx&post_logout_redirect_uri=http://localhost:18080
    client-id: xxx
    client-secret: xxx
#2

Hi @AInterestingUsername,

I assume you are using https and an ssl proxy?

This setting:

proxy: 
  server:
    useForwardHeaders: true 

Should move a level up, like this:

server:
  useForwardHeaders: true 

A mismatch of http/https in the redirect uri might cause an authentication loop to occur.

#3

I corrected my mistakes, but I still recieve authentication loops.
You obviously tested the whole thing.
Can you send me your Configuration, please?
If so, please send me a example config for aws cognito and azure b2c.

Thank you in advance