Timshel/vaultwarden

Error 502 using Azure AD

SilvaFernando opened this issue · 10 comments

Hi.
I'm testing vaultwarden using this image timshel/vaultwarden:1.30.5-9 and Azure OAuth using this documentation: https://github.com/Timshel/vaultwarden/blob/sso-support/SSO.md#microsoft-entra-id

SSO_ENABLED=true
SSO_CLIENT_ID={client_id}
SSO_CLIENT_SECRET={client_secret}
SSO_AUTHORITY=https://login.microsoftonline.com/{tenant_id}/v2.0

Can you help me?

Do you have the 502 when coming back to Vaultwarden after login on Azure AD?
Any error in the server logs?

After Azure AD logon:

From the logs the redirection from Azure appears to be working, but then Vaultwarden needs to redirect to itself, and it fails (unless you did not include any follow-up logs).

So I would say:

  • Open the network panel in your browser debugger and check the cause for the redirection failure.
  • Check your DOMAIN config; it's used to build the URL logged in "Redirection to". Is it truly valid? No typo?
  • Check your proxy settings; are they blocking the redirection?

Remarks on your anonymization of the logs:

  • The domain is probably still legible ;).
  • The code included in the redirection is sensitive information, but should have a short life.

On the Azure side I'm using something like this:

On the Vaultwarden side, I'm using a Nginx Proxy Manager with these options:

And my envs:

If I'm doing something wrong, please let me know.

Hey
Have you checked what I mentioned in my previous comment?
I would say try to manually redirect to the redirection URI mentioned in the log.

Yes, the redirect URI is valid; I've tried copying and accessing it in my browser.

One thing: when I tried https://my-dns/identity/connect/oidc-signin I got this error:

Yes, without the query parameters Rocket returns a 404; if you add a dummy code and state you'll get a 400 failure.

In your server log the 307 redirection was correctly generated so no issue here.

I have no idea why the URL would work manually but the browser would fail to redirect.
Maybe check the browser debugger to see if there is more information?

Are you by chance running on Synology?
There is some discussion on Reddit (eng and fr).

Hi @Timshel.

Solved, I've found a log on NPM: 2024/04/25 09:06:36 [error] 186#186: *94 upstream sent too big header while reading response header from upstream

And I solved using this documentation: https://ambidextrous-dev.medium.com/nginx-error-upstream-sent-too-big-header-2e16c34e08

Thanks for your help.
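The fix linked in the last comment is an nginx response-buffer adjustment. As an added illustration that is not part of this thread or of the vaultwarden project, the config below shows the default (failing) proxy host beside the corrected one; the upstream address http://vaultwarden:80, the server names and the buffer sizes are assumptions, not values from the thread.

```nginx
# Added example, not from the thread or the vaultwarden project.
# Assumes Vaultwarden listens at http://vaultwarden:80 behind nginx.

# BEFORE: stock defaults. The whole upstream response header must fit in
# proxy_buffer_size, which defaults to one memory page (4k or 8k). The OIDC
# callback at /identity/connect/oidc-signin replies with a 307 whose
# Location and Set-Cookie headers can exceed that, so nginx logs
#   upstream sent too big header while reading response header from upstream
# and the browser sees a 502.
server {
    listen 443 ssl;
    server_name vault-before.example;   # placeholder name
    location / {
        proxy_pass http://vaultwarden:80;
        # implicit defaults:
        # proxy_buffer_size 4k; proxy_buffers 8 4k; proxy_busy_buffers_size 8k;
    }
}

# AFTER: enlarge the header buffer so the redirect fits. Constraints nginx
# enforces: proxy_busy_buffers_size >= max(proxy_buffer_size, one of
# proxy_buffers) and < total proxy_buffers minus one buffer.
server {
    listen 443 ssl;
    server_name vault.example;          # placeholder name

    proxy_buffer_size       16k;    # holds the full response header
    proxy_buffers           4 32k;  # 4 x 32k for the body
    proxy_busy_buffers_size 32k;    # 32k >= 32k and < 96k: valid

    location / {
        proxy_pass http://vaultwarden:80;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

In Nginx Proxy Manager only the three proxy_buffer* lines go into the proxy host's Advanced tab, since NPM already generates the server and location blocks; run nginx -t before reloading.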