DEV Community

Richard Cowin
Richard Cowin

Posted on

Setting up Spring Security with Azure Active Directory

Below are the settings to configure a Spring Boot web app to use Azure Active Directory authentication.

App is based on spring-boot-starter-parent:2.1.4.RELEASE.

POM dependencies snippet:





Snippet of

# Active Directory Authentication
azure.activedirectory.user-group.allowed-groups=group1, group2, group2

@EnableGlobalMethodSecurity(prePostEnabled = true)
public class AADOAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {

    private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;

    protected void configure(HttpSecurity http) throws Exception {


I'm stuck with JSPs, so use taglibs, for example:

<security:authorize access="hasRole('group1')">
    Authorised users only

User's name: <security:authentication property="name"/>

The Azure configuration is where it starts getting odd. There is an associated App Registration, with the Authentication configured as below:


I have a localhost setting, which allows the http prefix for local development - nothing wrong there.

However for my two app service deployments I have to use http rather than https (NB. my app is configured to accept only HTTPS), and I can only do this by selecting "Public client (mobile & desktop)".

If I try to use https with Type of "Web" I get the following error on authenticating:

auth error

Top comments (3)

swissbuechi profile image
Raphael Büchi • Edited

Please take a look at my answer:

"With the new azure-spring-boot-starter-active-directory dependency for Spring you can add the azure.activedirectory.redirect-uri-template propertie."

jrnjerin profile image


Can somebody help me with this issue?
I have a made a spring boot app with Azure AD integration using the spring boot azure ad starter and deployed to aws. I had secured only one url to test everything is working. But when I try to load the url from the browser it is not at all loading. It is just getting timed out. Everything is working fine in localhost. Problems is only when deploy to real server.

motolola profile image

This is exactly what I am currently getting as I set up a local app on localhost.
I am stuck here, but I need to keep trying if I can brute force my way out of errors ...