Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,213 questions
How to use single signon of nodejs app using kubernetes deployment?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 49%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EUK%3C/text%3E%3C/svg%3E)
Uday Kiran Reddy (ureddy)
96
Reputation points
I have tried setting up single signon on a sample nodejs app with express and microsoft authentication.
This is the steps and source code [link][1]
When I run locally, it is working.
When I kept in kubernetes and access directly using loadbanacer service ip, it is working.
But, when I deployed a k3s vm in azure ubuntu machine and kept azure app gateway in same network and configured traffic to route to this load balancer ip,
It is going to the signin page.
[webpage loaded][2]
But when I click on signin button, it is giving 502 gateway error.
[502 error][3]
When I click on refresh, then error is coming in log.
This is the pod log when that error came.
> onocspresponse: [Function: onocspresponse],
> onnewsession: [Function: onnewsessionclient],
> onerror: [Function: onerror],
> [Symbol(owner_symbol)]: [Circular *1]
> },
> _requestCert: true,
> _rejectUnauthorized: true,
> parser: null,
> _httpMessage: [Circular *2],
> [Symbol(res)]: TLSWrap {
> _parent: TCP {
> reading: [Getter/Setter],
> onconnection: null,
> [Symbol(owner_symbol)]: [Circular *1]
> },
> _parentWrap: undefined,
> _secureContext: SecureContext { context: SecureContext {} },
> reading: true,
> onkeylog: [Function: onkeylog],
> onhandshakestart: {},
> onhandshakedone: [Function (anonymous)],
> onocspresponse: [Function: onocspresponse],
> onnewsession: [Function: onnewsessionclient],
> onerror: [Function: onerror],
> [Symbol(owner_symbol)]: [Circular *1]
> },
> [Symbol(verified)]: true,
> [Symbol(pendingSession)]: null,
> [Symbol(async_id_symbol)]: 76,
> [Symbol(kHandle)]: TLSWrap {
> _parent: TCP {
> reading: [Getter/Setter],
> onconnection: null,
> [Symbol(owner_symbol)]: [Circular *1]
> },
> _parentWrap: undefined,
> _secureContext: SecureContext { context: SecureContext {} },
> reading: true,
> onkeylog: [Function: onkeylog],
> onhandshakestart: {},
> onhandshakedone: [Function (anonymous)],
> onocspresponse: [Function: onocspresponse],
> onnewsession: [Function: onnewsessionclient],
> onerror: [Function: onerror],
> [Symbol(owner_symbol)]: [Circular *1]
> },
> [Symbol(lastWriteQueueSize)]: 0,
> [Symbol(timeout)]: null,
> [Symbol(kBuffer)]: null,
> [Symbol(kBufferCb)]: null,
> [Symbol(kBufferGen)]: null,
> [Symbol(kCapture)]: false,
> [Symbol(kSetNoDelay)]: false,
> [Symbol(kSetKeepAlive)]: true,
> [Symbol(kSetKeepAliveInitialDelay)]: 60,
> [Symbol(kBytesRead)]: 0,
> [Symbol(kBytesWritten)]: 0,
> [Symbol(connect-options)]: {
> rejectUnauthorized: true,
> ciphers: 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA',
> checkServerIdentity: [Function: checkServerIdentity],
> minDHSize: 1024,
> maxRedirects: 21,
> maxBodyLength: Infinity,
> protocol: 'https:',
> path: null,
> method: 'GET',
> headers: [Object: null prototype] { To bottom Logs from 9/12/2023, 11:19:18 AM
Azure Application Gateway
Azure Kubernetes Service
Azure Kubernetes Service
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,447 questions
{count} votes
-
Prrudram-MSFT 28,201 Reputation points Moderator2023-09-14T10:55:42.47+00:00 The 502 gateway error you are seeing when trying to sign in to your Node.js app with Microsoft authentication could be caused by several issues. Here are some things to check:
Make sure that the Azure App Gateway is properly configured to route traffic to the Kubernetes load balancer IP. You can check the App Gateway logs to see if there are any errors related to the routing configuration.
Check the Kubernetes logs for the Node.js app to see if there are any errors related to the authentication process. You can use the
kubectl logscommand to view the logs for a specific pod.Make sure that the Azure AD app registration for your Node.js app is properly configured. You can check the app registration settings in the Azure portal to make sure that the redirect URIs and other settings are correct.
Check the network security group (NSG) settings for the Kubernetes cluster to make sure that traffic is allowed on the necessary ports for Microsoft authentication.
Make sure that the DNS settings for the Kubernetes cluster are properly configured to resolve the Azure AD endpoints.
Check the TLS/SSL certificate settings for the Azure App Gateway to make sure that they are properly configured and up-to-date.
Check the TLS/SSL certificate settings for the Kubernetes cluster to make sure that they are properly configured and up-to-date.
If you have checked all of these things and are still having issues, you may want to try deploying the Node.js app and Azure App Gateway in a test environment to see if you can reproduce the issue and troubleshoot it further.
Sign in to comment
Sign in to answer