Azure AD authentication to application behind Kong on Kubernetes

Here is the scenario:

  • Kubernetes cluster
  • Kong proxy and ingress controller with TLS certificate deployed for HTTPS termination
  • .NET ASP web application with authentication based on Azure AD
  • .NET ASP app runs on Kestrel and listens on HTTP
  • no Kong authentication plugins used

Are there any additional configuration requirements to be applied on the Kong proxy in order to make the Azure AD authentication work?

I imagined it should be a common scenario to use Azure AD authentication behind an NGINX(-based) proxy, but I’m hitting some walls and, despite redirect URLs being generated correctly, I’m observing Kong blocking the traffic at some point with Bad Request.

I found this guide which suggests there is some configuration required, but I have no idea how this could be applied to Kong on Kubernetes: