Django Azure广告AADSTS50011:请求中指定的回复URL与为应用程序配置的回复URL不匹配

时间:2019-09-12 13:49:50

标签: django azure azure-active-directory django-authentication

我正在尝试使用azure活动目录对用户进行身份验证,但是我正在获取 `AADSTS50011:请求中指定的回复URL与为应用程序配置的回复URL不匹配 我正在使用django-microsoft-auth库。我已经提到了多个与此有关的StackOverflow问题,但是没有一个问题可以解决我的问题。 它们都不是特定于Django的

settings.py 

"""

Django settings for mywebapp project.

Generated by 'django-admin startproject' using Django 2.1.4.

For more information on this file, see
https://docs.djangoproject.com/en/2.1/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/2.1/ref/settings/
"""

import os

# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))


# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'wi31*5al3v=&or_p354489830j)w_zr-)1^a$m*=@yo1l62nni'

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True

ALLOWED_HOSTS = ["*"]

SITE_ID = 1

# Application definition

INSTALLED_APPS = [
    'django.contrib.sites',
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'myapp',
    'microsoft_auth',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

ROOT_URLCONF = 'mywebapp.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
                'microsoft_auth.context_processors.microsoft',
            ],
        },
    },
]

WSGI_APPLICATION = 'mywebapp.wsgi.application'


# Database
# https://docs.djangoproject.com/en/2.1/ref/settings/#databases

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
    }
}

AUTHENTICATION_BACKENDS = [
    'microsoft_auth.backends.MicrosoftAuthenticationBackend',
    'django.contrib.auth.backends.ModelBackend' # if you also want to use Django's authentication
    # I recommend keeping this with at least one database superuser in case of unable to use others
]

# Password validation
# https://docs.djangoproject.com/en/2.1/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]


    # Internationalization
    # https://docs.djangoproject.com/en/2.1/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_L10N = True

USE_TZ = True


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/2.1/howto/static-files/

STATIC_URL = '/static/'


MICROSOFT_AUTH_CLIENT_ID ={clientid}
MICROSOFT_AUTH_CLIENT_SECRET = {Secret}

MICROSOFT_AUTH_LOGIN_TYPE = 'ma'

urls.py 

urlpatterns = [
    path('microsoft/', include('microsoft_auth.urls', namespace='microsoft')),
    path('myapp/', include('myapp.urls')),
    path('admin/', admin.site.urls),
]

2 个答案:

答案 0 :(得分:0)

通常,当azure门户中定义的重定向URL与您的授权请求中的重定向URL不匹配时,就会发生此问题。您可以使用fiddler捕获授权请求url,以在请求中找到重定向URL。

https://login.microsoftonline.com/{tenant}/oauth2/authorize? client_id=6731de76-14a6-49ae-97bc-6eba6914391e &response_type=code &redirect_uri=http%3A%2F%2Flocalhost%3A12345 &response_mode=query &resource=https%3A%2F%2Fservice.contoso.com%2F &state=12345

复制此redirect_uri并将其粘贴到Azure门户。

答案 1 :(得分:0)

运行内置服务器时,默认情况下,该服务器在端口8000上运行。因此,您要在Azure中输入的回调URL为http://localhost:8000/microsoft/auth-callback/

问题是Azure会回叫但会删除冒号和端口号,因此它将在http://localhost/microsoft/auth-callback/上回叫服务器,这显然会因为服务器侦听端口8000而失败。

在这种情况下,您只需配置iptables重定向规则即可将流量从端口80上的localhost重定向到端口8000(如在Linux上):

iptables -t nat -I OUTPUT --source 127.0.0.1 --destination 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 8000

# iptables -nvL -t nat Chain PREROUTING (policy ACCEPT 295 packets, 66558 bytes) pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 295 packets, 66558 bytes) pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 145K packets, 8873K bytes) pkts bytes target prot opt in out source destination
211 12660 REDIRECT tcp -- * * 127.0.0.1 127.0.0.1 tcp dpt:80 redir ports 8000

Chain POSTROUTING (policy ACCEPT 145K packets, 8886K bytes) pkts bytes target prot opt in out source destination

相关问题
最新问题