Login loop with Azure OAuth2

I’m trying to configure my k8s v2 deployment environment with authentication via Azure OAuth2.

Here is my halconfig:

    security:
      apiSecurity:
        ssl:
          enabled: false
        overrideBaseUrl: https://ci.domain.io/gate
        corsAccessPattern: https://ci.domain.io
      uiSecurity:
        ssl:
          enabled: false
        overrideBaseUrl: https://ci.domain.io
      authn:
        oauth2:
          enabled: true
          client:
            clientId: client
            clientSecret: secret
            accessTokenUri: https://login.microsoftonline.com/${azureTenantId}/oauth2/token
            userAuthorizationUri: https://login.microsoftonline.com/${azureTenantId}/oauth2/authorize?resource=https://graph.windows.net
            clientAuthenticationScheme: query
            scope: profile
            preEstablishedRedirectUri: https://ci.domain.io/gate/login
            useCurrentUri: false
          resource:
            userInfoUri: https://graph.windows.net/me?api-version=1.6
          userInfoMapping:
            email: userPrincipalName
            firstName: givenName
            lastName: surname
          provider: AZURE

I’m currently exposing this through k8s Ingress resources with TLS; Deck is exposed at ci.domain.io and Gate is exposed through ci.domain.io/gate via the internal API_HOST variable in my deck.yml settings.

In the Azure docs, it says my redirect URL should be https://<gate>/login, so I set my redirect URI to be https://ci.domain.io/gate/login. I can hit https://ci.domain.io, it sends me to Gate, which redirects me to the Azure OAuth login page. I can log in successfully, but it immediately redirects me back to the Azure login page.

What is the proper reply URI/redirect URL that I need to give Azure so I stop getting a redirect loop?

Hi, I am having the same issue using a custom Keycloak instance… The official Spinnaker documentation confirms that it should be /login as the redirect_uri…

I’ve been stuck for a few days :sob:

Please help
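
An added example, not part of either post and not Spinnaker's own code: it takes a redirect chain as copied from the browser's network tab and reports which `redirect_uri` Gate sent to Azure, whether it equals the configured `preEstablishedRedirectUri`, and whether the callback carrying `?code=` was bounced back to the authorize endpoint. The hop list, the tenant placeholder, the `SESSION` cookie name and the `state`/`code` values are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

IDP_HOST = "login.microsoftonline.com"
CONFIGURED = "https://ci.domain.io/gate/login"  # preEstablishedRedirectUri from the post

# Constructed capture (not from the thread): one tuple per response,
# (request URL, Location header, Set-Cookie header or None).
AUTHZ = f"https://{IDP_HOST}/TENANT-PLACEHOLDER/oauth2/authorize"
QUERY = "?client_id=client&response_type=code&redirect_uri=https%3A%2F%2Fci.domain.io%2Fgate%2Flogin"
HOPS = [
    ("https://ci.domain.io/gate/login", AUTHZ + QUERY + "&state=s1", "SESSION=aaa; Path=/"),
    (AUTHZ + QUERY + "&state=s1", "https://ci.domain.io/gate/login?code=c1&state=s1", None),
    ("https://ci.domain.io/gate/login?code=c1&state=s1", AUTHZ + QUERY + "&state=s2", "SESSION=bbb; Path=/"),
]


def analyze(hops, configured):
    """Summarise a captured OAuth2 redirect chain for login-loop triage."""
    sent, bounced, new_cookie = [], False, False
    for url, location, set_cookie in hops:
        if not location:
            continue
        target = urlsplit(location)
        if target.hostname != IDP_HOST or not target.path.endswith("/authorize"):
            continue
        # Every redirect to the IdP carries the redirect_uri Gate computed.
        sent += parse_qs(target.query).get("redirect_uri", [])
        # A request that already carried ?code= is the IdP callback; if its
        # response points at the IdP again, the login did not complete.
        if "code" in parse_qs(urlsplit(url).query):
            bounced = True
            new_cookie = new_cookie or bool(set_cookie)
    return {
        "redirect_uris_sent": sorted(set(sent)),
        "matches_configured": bool(sent) and all(u == configured for u in sent),
        "callback_bounced_to_idp": bounced,
        "callback_set_new_cookie": new_cookie,
    }


if __name__ == "__main__":
    for key, value in analyze(HOPS, CONFIGURED).items():
        print(f"{key}: {value}")
```

If `matches_configured` is true and the callback is still bounced with a fresh cookie, the redirect URI registered with the provider is probably not the problem, and the session cookie's path and the ingress rewrite in front of Gate are the next things to compare.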