Are redirect URLs ignoring port

drdamour 16 Reputation points
2020-02-17T20:34:34.527+00:00

Asked at https://github.com/MicrosoftDocs/azure-docs/issues/47893 and directed here.

When you set up redirect URLs, is the port number considered? I've noticed that I only put my localhost:5001 Kestrel URL, but if I switch to IIS Express on 43215 everything works without issue as well, as if the port is totally ignored.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

4 answers

  1. Hirsch Singhal [MSFT] 16 Reputation points
    2020-07-17T17:33:30.097+00:00

    Just a heads up here - Azure AD follows the OAuth 2.0 spec here, which states that specifically for loopback redirects an exact match is required except for the port URI component on localhost requests. It is expected that on localhost you can choose any port. We will look into updating the portal to make this more obvious and not allow localhost port components.

    1 person found this answer helpful.

  2. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2020-02-18T21:51:23.743+00:00

    They are not ignoring the port. Each URL with a different port should be distinct. My guess is that you have two URLs registered for the application. If that is the case the Azure portal may do this change for you.

    If you only had one URL registered you would get an error about an invalid reply url.

    Check under the registration for that application to see if you have both URLs registered.


  3. Manoj Rai 1 Reputation point
    2021-03-31T01:28:35.867+00:00

    Hi, I am having some trouble redirecting back to the application once authentication is completed. I have a redirect URL https://myapp.domain.com.au:4443/project/saml/acs
    but when Azure redirects, it goes to http://192.168.200.229/project/saml/acs.

    I checked while signing in on the MS login page: the redirect URL has the redirect parameter https://myapp.domain.com.au:4443/project/saml/acs and after login it does take me to https://myapp.domain.com.au:4443/project/saml/acs, but my debug gets the error
    "The response was received at http://192.168.200.229/project/saml/acs instead of https://myapp.domain.com.au:4443/project/saml/acs "

    I have no idea what's happening, any suggestions?


  4. Alon Bar-Lev 0 Reputation points
    2023-03-15T12:18:49.2033333+00:00

    Hi @Marilee Turscak-MSFT,

    I bumped into the same issue.

    Registered redirect URLs:

    • http://localhost:8000
    • http://localhost:8001

    When I specify redirect_url=8000, the IDP redirects back to 8001. This is not expected behavior; the redirect_url URL should be used.

    The current behavior is [probably]:

    1. Verify that redirect_url matches one of the registered application URLs
    2. Select random redirect_url out of the approved application URLs (probably the last)
    3. Redirect to URL selected by (2)

    Expected behavior:

    1. Verify that redirect_url matches one of the registered application URLs
    2. Redirect to URL specified in (1)

    Rationale: The application may run multi-instance or crash, in which case the port is already allocated; we would like to use a port range in order to allow redundancy/concurrency.

    Please let me know if there is a better forum to discuss this.

    Thanks,

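An added example, not part of the original thread and not Azure AD's own code: a minimal redirect URI matcher that applies the rule from the first answer (exact match, except that the port is ignored for loopback hosts) and returns the URI the client requested, which is the behavior the last answer expects. The function names, the loopback host list and the sample URIs are assumptions of this example.

```python
from urllib.parse import urlsplit

# Hosts treated as loopback (assumption of this example).
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample registration, mirroring the ports mentioned in the thread.
REGISTERED = ["http://localhost:8000", "http://localhost:8001",
              "https://app.example.com/callback"]


def _parts(uri):
    """Split a URI into the components compared during matching."""
    u = urlsplit(uri)
    # Reject userinfo and fragments: "http://localhost:8000@host/" is not loopback.
    if not u.scheme or not u.hostname or u.username or u.password or u.fragment:
        raise ValueError(f"unsupported redirect URI: {uri!r}")
    # Reading u.port raises ValueError for a non-numeric or out-of-range port.
    return u.scheme.lower(), u.hostname.lower(), u.port, u.path or "/", u.query


def match_redirect_uri(requested, registered=REGISTERED):
    """Return the URI to redirect to, or None if the request must be rejected.

    Scheme, host, path and query must always equal a registered entry.
    The port must also be equal, unless the host is a loopback host.
    On success the *requested* URI is returned, so the response goes to the
    port the client asked for and never to a different registered entry.
    """
    try:
        r_scheme, r_host, r_port, r_path, r_query = _parts(requested)
    except ValueError:
        return None
    for candidate in registered:
        c_scheme, c_host, c_port, c_path, c_query = _parts(candidate)
        if (r_scheme, r_host, r_path, r_query) != (c_scheme, c_host, c_path, c_query):
            continue
        if r_host in LOOPBACK_HOSTS or r_port == c_port:
            return requested
    return None
```

A hostname that merely starts with `localhost`, or a URI that hides the real host behind userinfo, does not get the port exemption because the comparison is made on the parsed host.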