response_mode failing to be inserted as query parmeters when configuring SSO

[stevezaluk]

During Evaluation of Certify Web Management Hub, I attempted to configure Microsoft Entra Single Sign On and discovered that calls to the /authorize endpoint are not having response_mode being injected into the query parameters. This leads to 405 errors when calls are made back to the redirect URI post-authentication.

Upon further inspection of the code base, the faulting line of code appears to be here: https://github.com/webprofusion/certify/blame/128ad3dfe39d35d13eea81ca71bc744c2ee66a64/src/Certify.Server/Certify.Server.Hub.Api/Controllers/v1/AuthController.cs#L335:~:text=//%20queryParams%5B%22response_mode%22%5D%20%3D%20config.ResponseMode%3B

The conditional for inserting response_mode while building the authorization endpoint is commented out, leading to authentication issues. This was tested on the docker image with the latest tag

[webprofusion-chrisc]

Thanks Steve, testing Entra with Response_mode set to form_post works for us but you may also have to configure that in the azure entra app settings

[webprofusion-chrisc]

I should add that this was our first draft at OIDC support and we haven't tried it with anything other than Azure Entra, so there is more work to do on this, including a guide for each popular provider so that the configuration matches what we need.

[nickalleyne]

Thanks Steve, testing Entra with Response_mode set to form_post works for us but you may also have to configure that in the azure entra app settings

Hi Chris,
Are you able to add those entra settings into the documentation, where you would configure form_post in Entra? That way it can be consistent on both sides.

[webprofusion-chrisc]

@nickalleyne looking at this again it doesn't seem like you have to configure that in Entra at all. Here's a couple of screenshots of what works for us: