Azure AD oauth not working after server move

buzzlightyear · October 20, 2021, 8:04pm

Our influx server was migrated to live behind a reverse proxy, but keeping the same ip/url for web browser access to chronograf, so nothing really changed. The Login button is displayed to logon to AzureAD (the configured provider), when I click the login button it briefly navigates away to microsoft’s authentication urls and then returns to the login prompt. Looking in developer tools in the browser, visits to /chronograf/v1/me and /chronograf/v1/env are failing with 403 forbidden.

I have restarted chronograf, and also cleared the cookies in my browser, but no luck. Any suggestions will be greatly appreciated.

buzzlightyear · October 21, 2021, 9:21am

Issue has been resolved. The server needed outbound firewall access to login.microsoftonline.com to be able to verify the token, once that was given everything worked.

The relevant error message you need to look for in the logs is "Unable to exchange code for token Post “https://login.microsoftonline.com/....../token”

Anaisdg · October 21, 2021, 6:03pm

@buzzlightyear thanks for sharing your solution!

Topic		Replies	Views
Chronograf no auth -> OAuth with Azure -> No login button when restarting chronograf Dashboards chronograf	3	768	October 31, 2019
Chronograf Authentication issue when using Azure AD Telegraf chronograf	11	2555	January 11, 2021
Proxy somehow usable for OAuth 2.0 authentication in Chronograf with Azure AD? Chronograf chronograf , azure	1	489	September 6, 2021
Chronograf - Azure AD Implementation doesnt work	1	639	January 11, 2021
Failed to validate Oauth settings: missing Google oauth setting[s] error after upgrade to 1.8.4 Dashboards chronograf	3	958	June 11, 2020

Azure AD oauth not working after server move

Related topics