Forum Discussion

Copper Contributor

Sep 27, 2024

Solved

AAD application proxy : access from external issue

Hello, I have published an application with SAML SSO. from internal, it works fine. When I connect to https://myapp, all is ok. I have set up an external Url : https://myapp.my_custom_external...

azure ad application proxy

SSO

ARAIMBAULT
Oct 01, 2024
Ok it works now
I ve got a fortigate, with webfilter or other security profile, it does not work, i had to open Internet services.
Like this :
thanks for help.

ARAIMBAULT

Copper Contributor

Sep 27, 2024

micheleariis

Thank you for your answer but unfortunately I already did this trick and like I said, I get a timeout.

Regards.

Jamesscarr

Copper Contributor

Sep 27, 2024

When internal, try and ping the web address that worked (https://myapp) does it resolve an internal address? If so, SAML SSO may still work because it might not be using the App Proxy.

Have you verified you can can communicate between your server hosting the agent and the application? Have you verified that the Server hosting the proxy agent has outbound Internet access and can communicate with Entra ID?

ARAIMBAULT
Copper Contributor
Sep 30, 2024
Hi,
Yes, in internal, when I ping "myapp" host, it resolve an internal address.
Yes, server hosting agent can communicate with server hosting application.
Proxy agent server can communicate with entra. this server is the same as AAD synchronisation service server.
- ARAIMBAULT
  Copper Contributor
  Sep 30, 2024
  I have installed wireshark on proxy agent server, and when I log in with SAML, there is no communication between app server and proxy agent.
  I don't know what i miss. 😕
  - Jamesscarr
    Copper Contributor
    Sep 30, 2024
    Yeah, that makes sense as it's using internal DNS to resolve the app and just using SAML.
    
    What happens if you remove the custom domain for the app proxy address and use one of Microsofts app proxy addresses. In the Entra portal, is the agent showing as online?