Error Code 520 on Umbraco Backoffice OIDC redirect on AKS, Nginx and CloudFlare
Hi,
I need assistance. I have Umbraco v10 with User backoffice authentication using OIDC to MS AAD. The application is hosted in AKS with nginx ingress controller as Load Balancer and CloudFlare as a proxy server.
The user can log in without a problem initially, where they're redirected to Microsoft for the ID and Access Tokens, and on return the token is validated and the user is authenticated in Umbraco backoffice. The issue starts when the session expires in Umbraco and the user tries to log in again: the redirect to Microsoft takes place, but on return to Umbraco the user is presented with CloudFlare's error "Web server is returning an unknown error", Error code 520.
When checking the request for the error page, I notice there are additional cookies: UmbracoExternalCookie, UmbracoExternalCookieC1, UmbracoExternalCookieC2 and UmbracoExternalCookieC3.
If these cookies are removed, a user can log in to backoffice correctly. If we switch off the proxy flag on CloudFlare, the user never experiences the error code 520, even in the re-login scenario. I wonder if anyone here has experienced a similar issue and how they have resolved it.
Were you able to find a solution? I'm hitting the same 520 error, but our stack is simply CloudFlare proxy in front of IIS 10.
Hi Tom,
I eventually got it resolved. What we had to do in OpenIdConnectIdentityExtensions is to set options.SaveTokens = false.
We also set options.AutoRedirectLoginToExternalProvider = true in the OpenIdConnectBackOfficeExternalLoginProviderOptions.Configure(BackOfficeExternalLoginProviderOptions options) method. This one is just for reducing clicks for the backoffice; it auto-redirects to MS auth and returns to the logged-in page.
Do let me know if it worked for you or not, if not we can try something else. Good luck :)
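An added diagnostic, not part of the original posts and not Umbraco or CloudFlare code: the cookie names in the question follow ASP.NET Core's chunked-cookie convention (a base cookie holding chunks-N plus NameC1 to NameCN), and SaveTokens keeps the tokens in the authentication properties stored in that cookie, so this Python sketch measures how many bytes a captured Cookie header spends on each logical cookie. The sample header, the `other` cookie and the byte budget are constructed assumptions; set the budget from your own proxy and origin limits.

```python
import re
from collections import defaultdict

CHUNK_NAME = re.compile(r"^(.+)C(\d+)$")      # chunk cookies: <name>C1, <name>C2, ...
CHUNK_MARKER = re.compile(r"^chunks-(\d+)$")  # base cookie value when chunked

# Constructed sample header (not captured traffic): one unrelated cookie plus
# an external-login cookie split into three chunks, as in the question.
SAMPLE = "; ".join(
    ["other=" + "a" * 600, "UmbracoExternalCookie=chunks-3"]
    + [f"UmbracoExternalCookieC{i}=" + "x" * 4000 for i in (1, 2, 3)]
)

def parse_cookie_header(header):
    """Split a raw Cookie request header value into (name, value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return pairs

def cookie_report(header, budget_bytes):
    """Total the bytes each logical cookie adds, folding chunks into their base.
    budget_bytes is an assumption: take it from your proxy and origin limits."""
    pairs = parse_cookie_header(header)
    names = {name for name, _ in pairs}
    sizes, seen, declared = defaultdict(int), defaultdict(int), {}
    for name, value in pairs:
        base = name
        chunk = CHUNK_NAME.match(name)
        marker = CHUNK_MARKER.match(value)
        if chunk and chunk.group(1) in names:
            base = chunk.group(1)          # NameC2 counts towards Name
            seen[base] += 1
        elif marker:
            declared[name] = int(marker.group(1))
        sizes[base] += len(name) + 1 + len(value)   # bytes of "name=value"
    total = len("Cookie: ") + len(header.encode("utf-8"))
    return {"total_bytes": total, "over_budget": total > budget_bytes,
            "per_cookie": dict(sizes), "chunks_seen": dict(seen),
            "chunks_declared": declared}

if __name__ == "__main__":
    report = cookie_report(SAMPLE, budget_bytes=8192)  # 8192 is an example budget
    for name, size in sorted(report["per_cookie"].items(), key=lambda kv: -kv[1]):
        print(f"{size:>7} bytes  {name}")
    print("total", report["total_bytes"], "over budget:", report["over_budget"])
```

A difference between chunks_declared and chunks_seen for the same cookie indicates leftover chunk cookies from an earlier sign-in still being sent with the request.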