Potential EntraID Authentication issues with the v3.48 (Port 443) introduction

This guide outlines the steps required to update your SAFEQ Cloud OAuth2 authentication provider configuration to support the introduction of port 443.

 

Version 3.48 introduces the use of Port 443 extensively simplifying the communication SAFEQ Cloud client endpoints.

The enhancement may however cause authentication issues in specific customer scenarios.

Customers impacted by this change are advised to promptly take action by following the steps provided below to prevent any potential disruptions.

 

The following scenarios are affected:

  • Customers who have custom OIDC Authentication turned on within their Entra ID or OKTA auth provider. 

Affected client behaviour: Failure to authenticate on Web Admin UI and PC Clients with message "Application with identifier 'https:<your tenant url>:443/' was not found in the directory..."

To keep authentication working via both port 8443 and 443, simply add new Redirect URL with updated port for authentication provider to the list of values. So in the values for the Redirect URL will be two same records but with different port e.g:

https://[domain]:8443/[callback] and 

https://[domain]:443/[callback]. 

Follow the below instructions per authentication provider to reconfigure using port 443.

Microsoft Entra ID

OAuth 2.0 and OIDC configuration

The general process for migrating Microsoft Entra ID (formerly Azure AD) configurations for OAuth 2.0 and OpenID Connect (OIDC), as well as the creation of applications in Azure, is quite similar, as both protocols are built on the same foundation. For additional information refer to the Add a custom app in Microsoft Entra ID and Microsoft Entra authentication documentation.

  1. Navigate to Microsoft Entra Admin Center in your web browser and sign in with your administrator credentials.
  2. Navigate to App registrations. Find and select the application you wish to update. You can search for it by name if needed.
  3. Access Authentication Settings. In your app registration overview, click on "Authentication" in the left-hand menu.

  4. Locate the Redirect URIs Section. Scroll down to the "Redirect URIs" section.

  5. Add the additional Redirect URI. You’ll see a list of current Redirect URIs that are configured to handle authentication responses.

  6. Save and test your changes.

Okta

OIDC configuration

Migrating OIDC Okta to port 443. For additional information refer to the OKTA Authentication documentation.

  1. Access the Okta Admin Console and log in with your administrator credentials.
  2. Navigate to Applications, find and select the application for which you need to update the redirect URLs.
  3. In the application settings, go to the "General" tab click "Edit".
  4. Add an additional Sign-in redirect URIs to use port 443.
  5. Save and test your changes