ShinyProxy causes Azure to throw "No reply address provided." when using Azure as OIDC IDP

Hello all,

I’m trying to configure a ShinyProxy instance to use OIDC authentication, with Azure B2C as the IDP. I believe I have configured everything correctly, as per the GitHub example.

However, when I navigate to the ShinyProxy instance, I am correctly redirected to the Microsoft login screen, before being shown the following error:

AADSTS900971: No reply address provided.

From some initial searching, it appears that this means ShinyProxy is not providing a redirect URI to Azure. I have configured a redirect URI on the Azure B2C side, but I have not configured a redirect URI in ShinyProxy’s application.yml.

Is this something I have missed in my configuration (on either Azure B2C or ShinyProxy), or is this an issue with how ShinyProxy and/or Azure B2C work?

Hi, this Azure error usually indicates that the redirect URI sent by ShinyProxy does not match the URI configured in Azure. If you verified this is correct, the problem is usually that ShinyProxy sends a http redirect uri instead of a https uri. This can happen when ShinyProxy is unaware that it’s using HTTPS, e.g. when using a reverse proxy or loadbalancer. See Troubleshooting | ShinyProxy fore more information.

Hi - yes, I was running ShinyProxy behind a reverse proxy, but I had not told ShinyProxy to use the forward headers. Enabling this in the config and restarting ShinyProxy immediately fixed SSO, as the correct redirect URI (with https) is now being passed to Azure. Thanks!