Okta redirect over https

sandrews · November 18, 2020, 11:55am

I have an ASP.NET Core app running in a container over http with a load balancer/reverse proxy sitting in front of it configured to run over https. Everything is running within a VPC in AWS. The issue I have is that the redirect from Okta after authentication is over http not https: i.e.,

https://.okta.com/oauth2/default/v1/authorize?client_id=XXXXX&redirect_uri=http://

even though the original request was from https://

Not sure where the issue is here. Is it an Okta setting I missed, is it the load balancer or within the app although everything works fine over https with a self signed certificate when I run the app locally on my dev machine. Any help much appreciated.

andrea · November 18, 2020, 7:27pm

Is the redirect URI you’ve set in your app config set as http:// or https://?

andrea · November 18, 2020, 7:38pm

Also, regarding having a reverse proxy in front of a .NET app, you may want to check out this blog post.

sandrews · November 19, 2020, 10:24am

It works over https when I run it locally on my machine and authenticates against my Okta https endpoint perfectly. It’s an ASP.NET Core app…In the appsettings.json I’m using:

“Okta”: {
“OktaDomain”: “https://XXXX.okta.com/”,
“ClientId”: “XXXXX”,
“ClientSecret”: “XXXX”
}

In startup.cs I’m using:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseSession();
app.UseEndpoints(endpoints =>
{
endpoints.MapHealthChecks("/healthcheck");
endpoints.MapControllers();
endpoints.MapRazorPages();
});
}

sandrews · December 16, 2020, 1:23pm

I’ve tried implementing the SameSite fix you mentioned in the post but after logging in to Okta it still redirects to http not https. I removed the http entry for the Okta Login redirect URIs just leaving the https entry and I get the Okta 400 error bad request? What is going on? Why does it redirect over http when the site is running over https. The site running in the Docker container is running over http. Any help much appreciated.

andrea · December 16, 2020, 8:01pm

Can you take a look at the answer in this SO post, about ensuring that your app is considering forwarded headers, as well as Microsoft’s article on using .Net Core with a lb/proxy, to see if these suggestions help?

Post		Replies	Views
Unable to leverage HTTPS - ASP.NET Framework Questions	2	3780	January 23, 2024
Redirect URI Defaulting to HTTP Instead of HTTPS in ASP.NET Core with Okta OIDC Integration OAuth/OIDC dotnet	2	215	December 7, 2024
.NET 5 app behind AWS load balancer, /authorization-code/callback redirect is changing POST to GET Questions dotnet	5	3384	April 25, 2022
Redirect Uri is taking http over https OAuth/OIDC	1	1488	November 27, 2023
Issue with Okta redirection Questions	1	3570	January 24, 2024

Okta redirect over https

Related topics