I have tried setting up single signon on a sample node.js app with express and Microsoft authentication.
This is the steps and source code link
When I run locally, it is working. When I kept in kubernetes and access directly using load balancer service IP, it is working. But, when I deployed a k3s VM in Azure Ubuntu machine and kept Azure app gateway in same network and configured traffic to route to this load balancer IP, it is going to the signin page.
But when I click on "Sign in" button, it is giving 502 Bad Gateway
error.
When I click on refresh, then error is coming in log. This is the pod log when that error came.
onocspresponse: [Function: onocspresponse], onnewsession: [Function: onnewsessionclient], onerror: [Function: onerror], [Symbol(owner_symbol)]: [Circular *1] }, _requestCert: true, _rejectUnauthorized: true, parser: null, _httpMessage: [Circular *2], [Symbol(res)]: TLSWrap { _parent: TCP { reading: [Getter/Setter], onconnection: null, [Symbol(owner_symbol)]: [Circular *1] }, _parentWrap: undefined, _secureContext: SecureContext { context: SecureContext {} }, reading: true, onkeylog: [Function: onkeylog], onhandshakestart: {}, onhandshakedone: [Function (anonymous)], onocspresponse: [Function: onocspresponse], onnewsession: [Function: onnewsessionclient], onerror: [Function: onerror], [Symbol(owner_symbol)]: [Circular *1] }, [Symbol(verified)]: true, [Symbol(pendingSession)]: null, [Symbol(async_id_symbol)]: 76, [Symbol(kHandle)]: TLSWrap { _parent: TCP { reading: [Getter/Setter], onconnection: null, [Symbol(owner_symbol)]: [Circular *1] }, _parentWrap: undefined, _secureContext: SecureContext { context: SecureContext {} }, reading: true, onkeylog: [Function: onkeylog], onhandshakestart: {}, onhandshakedone: [Function (anonymous)], onocspresponse: [Function: onocspresponse], onnewsession: [Function: onnewsessionclient], onerror: [Function: onerror], [Symbol(owner_symbol)]: [Circular *1] }, [Symbol(lastWriteQueueSize)]: 0, [Symbol(timeout)]: null, [Symbol(kBuffer)]: null, [Symbol(kBufferCb)]: null, [Symbol(kBufferGen)]: null, [Symbol(kCapture)]: false, [Symbol(kSetNoDelay)]: false, [Symbol(kSetKeepAlive)]: true, [Symbol(kSetKeepAliveInitialDelay)]: 60, [Symbol(kBytesRead)]: 0, [Symbol(kBytesWritten)]: 0, [Symbol(connect-options)]: { rejectUnauthorized: true, ciphers: 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA', checkServerIdentity: [Function: checkServerIdentity], minDHSize: 1024, maxRedirects: 21, maxBodyLength: Infinity, protocol: 'https:', path: null, method: 'GET', headers: [Object: null prototype] { To bottom Logs from 9/12/2023, 11:19:18 AM