Skip to main content
Question

SSO and OIDC with FSM

S
Hero (Employee)
Forum|alt.badge.img+15

A customer is having problems when using OIDC to access the FSM Web Client. The customer has checked their SSO environment and believes it to be correct. However, we are getting a 403 error when trying to use OIDC.

From outside their  network, I can get to the FSM web client landing page:

 

If I use FSM authentication, I can log in OK:

 

However, if I select “Use OIDC Login” on the landing page, I briefly see the redirect to the Microsoft page:

 

before being bounced back to the root page of the server with a 403 error:

 

Does anyone have ideas/suggestions as to what might be wrong or how to troubleshoot this further?

Steve

5 replies

Saranga Amaraweera
Superhero
Forum|alt.badge.img+22

@Sajith D hope you can help

SAAALK
S
Superhero (Employee)
Forum|alt.badge.img+21
  • Sajith D
  • Superhero (Employee)
  • 427 replies
  • April 12, 2022

hi @Steve Hurst ,

We will need to see how the redirect URL’s are setup in Azure App registration to figure out where the problem is. Looking at the images it looks as if the Azure is not directing the traffic correctly but can’t be sure without having a look at what is defined.

Cheers.

S
Hero (Employee)
Forum|alt.badge.img+15
  • Steve Hurst
  • Author
  • Hero (Employee)
  • 55 replies
  • April 12, 2022

Hi @Sajith D 

Many thanks for the reply. I have this information now, and so will send it to you directly rather than post it on an open forum.

Thanks

Steve

Lee Pinchbeck
Ultimate Hero
Forum|alt.badge.img+24
  • Lee Pinchbeck
  • Ultimate Hero
  • 1219 replies
  • April 12, 2022

@Aaron.Sleight @Jon Reid is there any other pointers that can be given for this issue?

Currently reading: The Way of Kings - Brandon Sanderson
Jon Reid
Hero (Employee)
Forum|alt.badge.img+18
  • Jon Reid
  • Hero (Employee)
  • 224 replies
  • April 12, 2022

You need to set up the redirect urls in appsettings.json to the *external* urls if there is a reverse proxy.   This can be specified in the installer.   Since the installer runs on the app server it is not directly aware if the external url is different.  Also you might have an uppercase/lowercase issue - the urls need to be consistent in case.

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings