Forum Discussion

ARAIMBAULT's avatar
ARAIMBAULT
Copper Contributor
Sep 27, 2024
Solved

AAD application proxy : access from external issue

Hello, I have published an application with SAML SSO. from internal, it works fine. When I connect to https://myapp, all is ok.   I have set up an external Url  : https://myapp.my_custom_external...
azure ad application proxy
SSO
  • ARAIMBAULT's avatar
    ARAIMBAULT
    Oct 01, 2024

    Ok it works now
    I ve got a fortigate, with webfilter or other security profile, it does not work, i had to open Internet services.

    Like this : 

    thanks for help.

ARAIMBAULT's avatar
ARAIMBAULT
Copper Contributor
Sep 27, 2024

micheleariis 

Thank you for your answer but unfortunately I already did this trick and like I said, I get a timeout.

Regards.

  • Jamesscarr's avatar
    Jamesscarr
    Copper Contributor
    Sep 27, 2024

    When internal, try and ping the web address that worked (https://myapp) does it resolve an internal address? If so, SAML SSO may still work because it might not be using the App Proxy.

    Have you verified you can can communicate between your server hosting the agent and the application? Have you verified that the Server hosting the proxy agent has outbound Internet access and can communicate with Entra ID?

    • ARAIMBAULT's avatar
      ARAIMBAULT
      Copper Contributor
      Sep 30, 2024
      Hi,
      Yes, in internal, when I ping "myapp" host, it resolve an internal address.
      Yes, server hosting agent can communicate with server hosting application.
      Proxy agent server can communicate with entra. this server is the same as AAD synchronisation service server.
      • ARAIMBAULT's avatar
        ARAIMBAULT
        Copper Contributor
        Sep 30, 2024
        I have installed wireshark on proxy agent server, and when I log in with SAML, there is no communication between app server and proxy agent.
        I don't know what i miss. 😕

Resources