cancel
Showing results for 
Search instead for 
Did you mean: 

Why F5 APM responds with a 200 OK instead of 302 to the original landing URI, for the /oauth/client/redirect replyback URI call, when the first call before Auth_redirect to AzureAD was a POST instead of a GET

sricharan61
Cirrus
Cirrus

Why F5 APM responds with a 200 OK instead of 302 redirect, to the original landing URI, for the /oauth/client/redirect replyback URI call comming into F5, when the first call before Auth_redirect to AzureAD was a POST instead of a GET.

 

Scenario:

 

1)Browser trace Output: for GET scenario

 

 

a)

Initial client request before the user clicks on sign in that triggers the AzureAD auth-redirect

Request URL: https://www.abc.com/home/path/account/abc.aspx?

Request Method: GET

Status Code: 302 Found

 

b)

when user clicks on signin, // auth_redirect based request call from client.//

 

Request URL: https://login.microsofonline.com/xxxxxxxx-bbbb-yyyyyyyy-eeeeeeeeeee/oauth2/v2.0/authorize?p=soandso&brand=sosososo&client_id=asdfsadfsad-asdfsf--sadfsafd-sdfsdfsadfs&grant_type=authorization_code&id_token=code&profile=profile_&redirect_uri=https%3A%2F%2Fwww.abc.com%2Foauth%2Fclient%2Fredirect&response_type=code&scope=https%3A%2F%2Flogin.microsoftonline.com%blablabla&state=qwesgergshrthrheahsgtjhrestd

Request Method: GET

Status Code: 200 OK

 

c)

After Azure signs the user in and responds back with a reply back URI /oauth/client/redirect/, the client calls that path, and F5 APM responds with 302 and Location as the Landing URI called initially with a GET in a) // the page at which the client was before azure login redirect was triggered//

 

Request URL: https://www.abc.com/oauth/client/redirect?state=5WYqmkC6LIND5vdzW3NdEuw&code=bla2

Request Method: GET

Status Code: 302 Found

 

Location: /home/path/account/abc.aspx?

 

 

 

 

 

 

 

2) Browser trace Output: for POST scenario

 

a)

Initial client request before the user clicks on sign in that triggers the AzureAD auth-redirect

Request URL: https://www.abc.com/home/path/account/abc.aspx?

Request Method: POST

Status Code: 302 Found

 

b)when user clicks on signin, // auth_redirect based request call from client.//

 

Request URL: https://login.microsofonline.com/xxxxxxxx-bbbb-yyyyyyyy-eeeeeeeeeee/oauth2/v2.0/authorize?p=soandso&brand=sosososo&client_id=asdfsadfsad-asdfsf--sadfsafd-sdfsdfsadfs&grant_type=authorization_code&id_token=code&profile=profile_&redirect_uri=https%3A%2F%2Fwww.abc.com%2Foauth%2Fclient%2Fredirect&response_type=code&scope=https%3A%2F%2Flogin.microsoftonline.com%blablabla&state=asdfasfdgsdghfdjhggfjhgfkj

Request Method: GET

Status Code: 200 OK

 

 

c)

 

After Azure signs the user in and responds back with a reply back URI /oauth/client/redirect/, the client calls that path, and F5 APM responds with 200 instead of 302 as you see in 1)(c)

 

 

Request URL: https://www.abc.com/oauth/client/redirect?state=5ku8FTAK6ZBC-yej483vK8w&code=bla

Request Method: GET

Status Code: 200 OK

 

 

0 REPLIES 0