Just a heads up here - Azure AD follows the OAuth 2.0 spec here, which states that specifically for loopback redirects an exact match is required except for the port URI component on localhost requests. It is expected that on localhost you can choose any port. We will look into updating the portal to make this more obvious and not allow localhost port components.
Are redirect URLs ignoring port
asked at https://github.com/MicrosoftDocs/azure-docs/issues/47893 and directed here
When you set up redirect URLs, is the port number considered? I've noticed that I only put my localhost:5001 Kestrel URL, but if I switch to IIS Express on 43215 everything works without issue as well, as if the port is totally ignored.
4 answers
Marilee Turscak-MSFT 34,306 Reputation points Microsoft Employee
2020-02-18T21:51:23.743+00:00
They are not ignoring the port. Each URL with a different port should be distinct. My guess is that you have two URLs registered for the application. If that is the case the Azure portal may do this change for you.
If you only had one URL registered you would get an error about an invalid reply url.
Check under the registration for that application to see if you have both URLs registered.
-
Manoj Rai 1 Reputation point
2021-03-31T01:28:35.867+00:00
Hi, I am having some trouble redirecting back to the application once authentication is completed. I have a redirect URL https://myapp.domain.com.au:4443/project/saml/acs
but when Azure redirects, it goes to http://192.168.200.229/project/saml/acs. I checked while signing in: on the MS login page, the redirect URL has the redirect parameter https://myapp.domain.com.au:4443/project/saml/acs and after login it does take me to https://myapp.domain.com.au:4443/project/saml/acs but my debug gets the error
"The response was received at http://192.168.200.229/project/saml/acs instead of https://myapp.domain.com.au:4443/project/saml/acs". I have no idea what's happening, any suggestions?
-
Alon Bar-Lev 0 Reputation points
2023-03-15T12:18:49.2033333+00:00
Hi @Marilee Turscak-MSFT,
I bumped into the same issue.
Registered redirect URLs:
- http://localhost:8000
- http://localhost:8001
When I specify redirect_url=8000 the IDP redirects back to 8001. This is not expected behavior; the redirect_url URL should be used.
The current behavior is [probably]:
1. Verify that redirect_url matches one of the registered application URLs
2. Select random redirect_url out of the approved application URLs (probably the last)
3. Redirect to URL selected by (2)
Expected behavior:
1. Verify that redirect_url matches one of the registered application URLs
2. Redirect to URL specified in (1)
Rationale: The application may run multi-instance, or crash, in which case the port is already allocated; we would like to use a port range in order to allow redundancy/concurrency.
Please let me know if there is a better forum to discuss this.
Thanks,
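The loopback rule quoted at the top of this page (exact match, except that the port is ignored on localhost) and the two-port scenario in the last answer can be sketched as a redirect URI check. This is an added example, not Azure AD's code and not from any poster in the thread; the function names, the loopback host set and the sample registrations are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts treated as loopback in this sketch (the page itself only names localhost).
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample registrations: the two localhost URLs from the last answer
# plus one made-up non-loopback URL.
SAMPLE_REGISTERED = [
    "http://localhost:8000",
    "http://localhost:8001",
    "https://myapp.example.com:4443/project/saml/acs",
]


def _without_port(uri):
    """Every component that must match exactly, with the port left out."""
    u = urlsplit(uri)
    return (u.scheme.lower(), (u.hostname or "").lower(), u.path, u.query)


def resolve_redirect(requested, registered):
    """Return the URI to redirect to, or None if the request must be rejected."""
    try:
        req = urlsplit(requested)
        req.port  # accessing .port raises ValueError on a malformed or out-of-range port
    except ValueError:
        return None
    if req.fragment or req.username or req.password:
        return None  # fragments and userinfo ("host@otherhost") never match
    if requested in registered:
        return requested  # exact string match, valid for any host
    if (req.hostname or "").lower() in LOOPBACK_HOSTS:
        want = _without_port(requested)
        if any(_without_port(reg) == want for reg in registered):
            # Port is the only difference: accept, and send the response to the
            # port the client asked for, not to whichever entry happened to match.
            return requested
    return None


if __name__ == "__main__":
    for uri in ("http://localhost:8000", "http://localhost:43215",
                "https://myapp.example.com:4444/project/saml/acs"):
        print(uri, "->", resolve_redirect(uri, SAMPLE_REGISTERED))
```

Because the port is dropped before comparison, registering both 8000 and 8001 adds nothing for loopback clients; what matters is that the accepted request's own URI is the one used for the redirect.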