How to use wildcard inside domain name in Redirect URIs (Azure AD)
There have been some questions regarding this issue on StackOverflow, but none of them have a well-defined answer.
I am trying to enable SSO authentication with Azure AD for Grafana. My Grafana domains look like this:
monitoring.cluster1.company.com
monitoring.cluster2.company.com
monitoring.cluster3.company.com
I have a couple hundred of these.
In the app manifest, I tried setting up redirect URIs in multiple ways:
https://*.company.com/login/azuread -> does not match my URL
https://monitoring.*.company.com/login/azuread -> Azure does not accept it
Is there really any way to circumvent this? I read about a solution involving cookies, but I honestly did not understand how that works or how it can be applied.
Note that: Azure AD supports redirect URL of wildcard type
https://*.xxx.combut nothttps://xxx.*.abc.comtype. Refer this MsDoc.
I created an Azure AD Application and tried to add redirect URL as https://monitoring.*.company.com/login/azuread .
And got the error like below:
As a workaround you have to update the redirect URL as https://*.company.com/login/azuread
- Due to security issues, wildcard URIs should be avoided.
- A redirection endpoint URI must be an absolute URI according to OAuth 2.0 specification.
- Otherwise, if you want to add
https://monitoring.*.company.com/login/azureadas redirect URL you have to add manually as
https://monitoring.cluster1.company.com/login/azuread https://monitoring.cluster2.company.com/login/azuread
Reference:
Azure AD wildcard in middle((not at the end or beginning)) of reply url not working - Stack Overflow by alphaz18
- Get username from Azure Identity
- What prevents Databricks IP access lists from being executed
- HTTP 404 error with Swagger UI on Azure Functions app
- Azure devops - build number vs build id
- Unable to Retrieve Hidden MailFolders (isHidden = true) with Microsoft Graph API
- Parse array & json to right numbers of column
- Run script on Azure VM Scale Set when deprovisioning
- Azure Pipeline to trigger Pipeline using YAML
- Keycloak Admin Console Login - Infinite Loop
- Make Azure Keyvault secrets available in entire pipeline
- Azure Logic Apps - Queries for telemetry 2.0 show no results
- Print function not working without flush=True when used with the While loop
- Cannot authorize variable group in Azure Pipelines
- Azure Maps rejecting Route Request with ZipCode
- Create-React-App hosted in Azure getting a 404 with manual refresh or by typing the url manually on any page except the home page
- How to set up a simple Next.js web app with CI/CD on Azure?
- How to avoid explicitly acquiring access tokens when calling Microsoft Graph API in Node.js?
- Why I'm getting 404 Resource Not Found to my newly Azure OpenAI deployment?
- Scanning for malware in files uploaded to Azure
- Azure blob, controlling filename on download
- How to delete/clear active/dead-letter messages from Azure Service Bus Queue?
- How to Generate .AAB file and Sign Android app Bundle using azure pipeline
- Get Access Token from Microsoft Graph for ClientId with delegated permissions
- Can't create password containing parentheses in Azure CLI
- Azure Web App Cannot Access Azure Container Registry Using Managed Identity
- Azure Access token just created but not capable to verify that is authentic
- Querying azure table storage for null values
- Azure App Functions, Storage queue trigger
- Error while running Terraform Import Command to import Azure Key Vault
- How to get Node.js app running on Azure App Service?