cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Questions on OCAS proxy redirection.

%3CLINGO-SUB%20id%3D%22lingo-sub-1363959%22%20slang%3D%22en-US%22%3EQuestions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1363959%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Community%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20of%20the%20customer%20created%20the%20custom%20policy%20and%20tried%20to%20enforce%20a%20%E2%80%9Ctest%20user%E2%80%9D%20to%20use%20the%20OCAS%20proxy%20with%20the%20conditional%20access.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20the%20user%20try%20to%20sign%20in%20to%20the%20SharePoint%20we%20can%20see%20that%20the%20user%20trying%20to%20access%20through%20the%20OCAS%20proxy%20but%20redirected%20directly%20to%20the%20regular%20SharePoint%20site.%20The%20issue%20is%20that%20the%20user%20not%20redirected%20to%20the%20OCAS%20proxy.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThey%20would%20like%20to%20know%20what%20can%20cause%20this.%20Any%20pointers%20would%20be%20of%20great%20help!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1363959%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EQuestions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1366143%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1366143%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F301435%22%20target%3D%22_blank%22%3E%40Newlife%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%20can%20you%20provide%20a%20bit%20more%20detail%20on%20how%20the%20CA%20session%20policy%20was%20setup%20please%2C%20and%20some%20screenshots%20if%20possible%3F%20%26nbsp%3BThis%20would%20be%20really%20helpful%20to%20try%20and%20better%20understand%20the%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1369241%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1369241%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20very%20much%20for%20your%20prompt%20response%2C%20Peter.%26nbsp%3B%20Please%20refer%20the%20attached%20screenshot.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1369317%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1369317%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F301435%22%20target%3D%22_blank%22%3E%40Newlife%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt's%20under%20Access%20Control%20and%20Session%20Policies%20that%20would%20be%20handy%20to%20see%20please%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Screenshot%202020-05-07%20at%2012.39.30.png%22%20style%3D%22width%3A%20676px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F189732i57AF64F9D3A45CF3%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Screenshot%202020-05-07%20at%2012.39.30.png%22%20alt%3D%22Screenshot%202020-05-07%20at%2012.39.30.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1369346%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1369346%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F616707%22%20target%3D%22_blank%22%3E%40PeterRising%3C%2FA%3E%26nbsp%3B-%20Another%20note%20is%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3BOCAS%20license%20in%20conflict%20state%3F%3C%2FP%3E%3CP%3EIs%20it%20can%20cause%20the%20issue%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20refer%20attachment.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1371720%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1371720%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F301435%22%20target%3D%22_blank%22%3E%40Newlife%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20that%20group%20based%20licensing%20you%20are%20using%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1372742%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1372742%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F301435%22%20target%3D%22_blank%22%3E%40Newlife%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAre%20you%20able%20to%20share%20the%20session%20policy%20settings%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1382607%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1382607%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F616707%22%20target%3D%22_blank%22%3E%40PeterRising%3C%2FA%3E%26nbsp%3B-%20Thanks%20for%20your%20response%2C%20Session%20policy%20details%20attached%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1383530%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1383530%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F301435%22%20target%3D%22_blank%22%3E%40Newlife%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOK%2C%20so%20this%20is%20a%20custom%20policy%20then.%20%26nbsp%3BAre%20you%20able%20to%20share%20the%20custom%20policy%20settings%20please%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1386081%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1386081%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F616707%22%20target%3D%22_blank%22%3E%40PeterRising%3C%2FA%3E%26nbsp%3B-%20Thanks%20for%20your%20prompt%20response.%20All%20details%20are%20attached.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1386107%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1386107%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F616707%22%20target%3D%22_blank%22%3E%40PeterRising%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1387276%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20OCAS%20proxy%20redirection.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1387276%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F301435%22%20target%3D%22_blank%22%3E%40Newlife%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOK%2C%20the%20first%20thing%20I%20notice%20is%20that%20you%20have%20the%20Office%20365%20preview%20selected%20in%20the%20included%20apps.%20%26nbsp%3BThis%20feature%20still%20being%20in%20preview%20-%20I%20have%20found%20produces%20mixed%20results.%20%26nbsp%3BIt%20may%20be%20worth%20modifying%20the%20policy%20to%20include%26nbsp%3B%3CSTRONG%3EOffice%20365%20Exchange%26nbsp%3B%3C%2FSTRONG%3E%3CSTRONG%3EOnline%26nbsp%3B%3C%2FSTRONG%3Eand%26nbsp%3B%3CSTRONG%3EOffice%20365%20SharePoint%20Online%26nbsp%3B%3C%2FSTRONG%3Eas%20shown%20below%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Screenshot%202020-05-13%20at%2018.55.09.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F191415i9460265C9006DB31%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Screenshot%202020-05-13%20at%2018.55.09.png%22%20alt%3D%22Screenshot%202020-05-13%20at%2018.55.09.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20I%20still%20cannot%20see%20what%20your%20custom%20policy%20in%20Cloud%20App%20Security%20is%20doing%3F%20%26nbsp%3BAre%20you%20able%20to%20share%20the%20settings%20for%20this%20also%20please%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Newlife
Frequent Contributor

‎May 06 2020 07:49 AM

‎May 06 2020 07:49 AM

Questions on OCAS proxy redirection.

Hi Community, 

 

One of the customer created the custom policy and tried to enforce a “test user” to use the OCAS proxy with the conditional access.

 

When the user try to sign in to the SharePoint we can see that the user trying to access through the OCAS proxy but redirected directly to the regular SharePoint site. The issue is that the user not redirected to the OCAS proxy.

 

They would like to know what can cause this. Any pointers would be of great help!

 

 

474 Views
0 Likes
11 Replies
Reply
11 Replies
PeterRising

‎May 06 2020 11:39 PM

‎May 06 2020 11:39 PM

Re: Questions on OCAS proxy redirection.

@Newlife 

 

Hi, can you provide a bit more detail on how the CA session policy was setup please, and some screenshots if possible?  This would be really helpful to try and better understand the issue.

0 Likes
Reply
Newlife

‎May 07 2020 04:02 AM - edited ‎May 07 2020 04:03 AM

‎May 07 2020 04:02 AM - edited ‎May 07 2020 04:03 AM

Re: Questions on OCAS proxy redirection.

Thank you very much for your prompt response, Peter.  Please refer the attached screenshot.

 

 
 

 

 

 

 

Preview file
91 KB
0 Likes
Reply
PeterRising

‎May 07 2020 04:40 AM

‎May 07 2020 04:40 AM

Re: Questions on OCAS proxy redirection.

@Newlife 

 

It's under Access Control and Session Policies that would be handy to see please;

 

Screenshot 2020-05-07 at 12.39.30.png

0 Likes
Reply
Newlife

‎May 07 2020 04:49 AM

‎May 07 2020 04:49 AM

Re: Questions on OCAS proxy redirection.

@PeterRising - Another note is 

 OCAS license in conflict state?

Is it can cause the issue?

 

Please refer attachment.

Preview file
55 KB
0 Likes
Reply
PeterRising

‎May 07 2020 12:22 PM

‎May 07 2020 12:22 PM

Re: Questions on OCAS proxy redirection.

@Newlife 

 

Is that group based licensing you are using?

0 Likes
Reply
PeterRising

‎May 07 2020 11:23 PM

‎May 07 2020 11:23 PM

Re: Questions on OCAS proxy redirection.

@Newlife 

 

Are you able to share the session policy settings?

0 Likes
Reply
Newlife

‎May 12 2020 06:37 AM

‎May 12 2020 06:37 AM

Re: Questions on OCAS proxy redirection.

@PeterRising - Thanks for your response, Session policy details attached

Preview file
145 KB
0 Likes
Reply
PeterRising

‎May 12 2020 10:42 AM

‎May 12 2020 10:42 AM

Re: Questions on OCAS proxy redirection.

@Newlife 

 

OK, so this is a custom policy then.  Are you able to share the custom policy settings please?

0 Likes
Reply
Newlife

‎May 13 2020 04:42 AM

‎May 13 2020 04:42 AM

Re: Questions on OCAS proxy redirection.

@PeterRising - Thanks for your prompt response. All details are attached.

Preview file
378 KB
0 Likes
Reply
Newlife

‎May 13 2020 04:52 AM

‎May 13 2020 04:52 AM

Re: Questions on OCAS proxy redirection.

@PeterRising 

Preview file
378 KB
0 Likes
Reply
PeterRising

‎May 13 2020 10:58 AM

‎May 13 2020 10:58 AM

Re: Questions on OCAS proxy redirection.

@Newlife 

 

OK, the first thing I notice is that you have the Office 365 preview selected in the included apps.  This feature still being in preview - I have found produces mixed results.  It may be worth modifying the policy to include Office 365 Exchange Online and Office 365 SharePoint Online as shown below;

 

Screenshot 2020-05-13 at 18.55.09.png

 

However, I still cannot see what your custom policy in Cloud App Security is doing?  Are you able to share the settings for this also please?

0 Likes
Reply