Microsoft
MicrosoftHello Westley,
Thanks for your reply. To clarify, the app is only using Windows Auth to make sure that there is a Windows identity that can be used to get an access token from SharePoint via the app's backend. This access token is then used with AJAX requests to SharePoint.
The call that is failing is that AJAX call to the SharePoint REST API. It has the token in the headers, but is redirected to ADFS, which itself is also behind WAP. This POST request, triggers a preflight OPTIONS request, which is redirected to ADFS, which is not allowed for CORS requests.
I have tried enabling CORS in ADFS on the ADFS server, but the behavior is the same. The AJAX request is not logged in the event viewer on the WAP server while other requests are, without errors. So to me it seems that the web browser is seeing that WAP wants to redirect the preflight request to SharePoint and terminates as it does not match the CORS policy. Does ADFS CORS configuration work with WAP?
