Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Sanele Ngidi 14 posts 94 karma points
    Jul 18, 2023 @ 06:31
    Sanele Ngidi
    0

    Error Code 520 on Umbraco Backoffice OIDC redirect on AKS, Nginx and CloudFlare

    Hi,

    I need assistance. I have Umbraco v10 with User backoffice authentication using OIDC to MS AAD. The application is hosted in AkS with nginx ingress controller as Load Balancer and CloudFlare as a proxy server.

    The user can login without a problem initially where they're redirected to Microsoft for the ID and Access Tokens and on return the token is validated and user authenticated in Umbraco backoffice. The issue starts when the session expires in Umbraco and the user tries to login again, the redirect to Microsoft takes place, but on return to Umbraco the user is presented with CloudFlare's error "Web server is returning an unknown error" Error code 520.

    When checking on the request for the error page I notice there are additional cookies UmbracoExternalCookie, UmbracoExternalCookieC1, UmbracoExternalCookieC2 and UmbracoExternalCookieC3.

    If these cookies are removed, a user can login to backoffice correctly. If we switch off proxy flag on CloudFlare, the user never experience the error code 520 even on re-login scenario. I wonder if anyone here has experienced a similar issue and how have they resolved it.

  • Tom Newt 28 posts 183 karma points
    Oct 26, 2023 @ 14:13
    Tom Newt
    0

    Were you able to find a solution? I'm hitting the same 520 error, but our stack is simply CloudFlare proxy in front of IIS 10.

  • Sanele Ngidi 14 posts 94 karma points
    Nov 03, 2023 @ 05:56
    Sanele Ngidi
    100

    Hi Tom,

    I eventually got it resolved. What we had to OpenIdConnectIdentityExtensions is to set options.SaveTokens = false.

    We also set options.AutoRedirectLoginToExternalProvider = true on OpenIdConnectBackOfficeExternalLoginProviderOptions.Configure(BackOfficeExternalLoginProviderOptions options) method. This one is just for reducing clicks for the backoffice, it's auto redirects to MS auth and returns to logged in page.

    Do let me know if it worked for you or not, if not we can try something else. Good luck :)

Please Sign in or register to post replies

Write your reply to:

Draft