
Invalid 'redirect_uri' in query parameters returned when going through SAC with Mobile Application


Article ID: 253451


Products

Secure Access Cloud

Issue/Introduction

A SAC Web Application is defined to handle mobile application traffic.

The mobile application sends requests whose query string parameters reference internal domains.

When going through SAC, the application gets the following error:

"Invalid 'redirect_uri' in query parameters returned"

The redirect_uri parameter is part of the OAuth request triggered by the mobile app.

Environment

SAC.

OAuth-based mobile app configured to go via a SAC Web Application.

Cause

SAC could not rewrite query string parameters.

Resolution

The SAC team updated the Web Application so that it can rewrite query string parameters. The following settings then needed to be configured for the query string parameters being referenced.

1. The Web application involved connectivity to two SAC Web Applications. When this happens, we need to 'Link' the two applications together so that rules can be applied across both Applications.

2. Add the query string parameter name to the Link translation custom rules section. In our case, the URLs referenced were passed in both the redirect_uri and redirect_url parameters, so we needed to add both to the configuration.

Additional Information

With many of these Web Application rewriter issues, we need to understand how the application works when it is accessed internally rather than through SAC. In that case, we see the following initial request.

https://cloud.teleyemen.com.ye/provisioning/authn/callback?redirect_url=https://cloud.teleyemen.com.ye/csp/gateway/portal&redirect_uri=https://cloud.teleyemen.com.ye/csp/gateway/portal

 

When going through the SAC Application, the response to the POST request to https://cloud.xxxx.com/SAAS/auth/saml/response (cloud.xxxx.com is the external name for the internal cmp host above) was a redirect to

https://cloud.xxxx.com/SAAS/auth/oauth2/authorize?response_type=code&state=aHR0cHM6Ly9jbG91ZC50ZWxleWVtZW4uY29tLnllL2NzcC9nYXRld2F5L3BvcnRhbA%3D%3D&client_id=provisioning-rpWr198yeUz7NgLx&redirect_uri=https%3A%2F%2Fcloud.xxxx.com%2Fprovisioning%2Fcore%2Fauthn%2Fcsp

which triggered the "Invalid 'redirect_uri' in query parameters returned" error due to the unrecognised domain.
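A diagnostic sketch of the behaviour described above, added here as an example and not SAC's own code or configuration: it lists which query parameters carry a URL on an internal host, and shows what is left untranslated when only one of the two parameter names is configured. The host names, function names and translation logic are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed host names for illustration; not taken from the article.
HOST_MAP = {"app.internal.example": "app.external.example"}


def params_with_internal_urls(url, internal_hosts):
    """Return names of query parameters whose value is a URL on an internal host."""
    found = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        host = urlsplit(value).hostname  # parse_qsl has already percent-decoded value
        if host and host.lower() in internal_hosts and name not in found:
            found.append(name)
    return found


def translate(url, host_map, param_names):
    """Rewrite the request host and only the listed query parameters (hypothetical model)."""
    def swap(u):
        parts = urlsplit(u)
        new_host = host_map.get((parts.hostname or "").lower())
        if new_host is None:
            return u  # not a URL, or not a host we translate
        netloc = new_host if parts.port is None else f"{new_host}:{parts.port}"
        return urlunsplit(parts._replace(netloc=netloc))

    parts = urlsplit(swap(url))
    query = [(n, swap(v) if n in param_names else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


# Constructed request shaped like the initial request shown in the article.
SAMPLE = ("https://app.internal.example/provisioning/authn/callback"
          "?redirect_url=https://app.internal.example/csp/gateway/portal"
          "&redirect_uri=https%3A%2F%2Fapp.internal.example%2Fcsp%2Fgateway%2Fportal")

if __name__ == "__main__":
    names = params_with_internal_urls(SAMPLE, set(HOST_MAP))
    print("parameters to add to the rules:", names)
    print("only redirect_uri:", translate(SAMPLE, HOST_MAP, {"redirect_uri"}))
    print("both parameters:  ", translate(SAMPLE, HOST_MAP, set(names)))
```

Running the check against a browser trace of the internal flow gives the list of parameter names to configure before testing through the external name.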

 
