Jan 29 2019
- last edited on
Jan 14 2022
I am using OpenIdConnect for authentication and authorization with Azure AD in my application.
The application is deployed on Azure VM accessible through VPN and to make it available for users outside VPN we got suggestion to use Ping Access with Azure AD. I have few queries if we go with ping access:
1. When i will hit domain name say abc.com how it will reach to ping access ? Currently on hitting abc.com it resolves to server IP on which application is deployed.
2. I have gone through some articles and concluded that there will be two urls for the application one for users on VPN and other for non VPN users, is that correct ?
3. Do i need to change OpenIdConnect connect code in my application ?
Thanks & Regards,
Feb 03 2019 09:59 AM
I don't think PingAccess is necessary here. Publishing this with the App Proxy should be sufficient. As long as the internal URL is routable, you can use the same URL internally and externally.
Feb 03 2019 01:18 PM
Feb 03 2019 09:08 PM
Thanks for your reply. Yeah, i agree with you that we can achieve vpn-less access with application proxy but this is client decision to use Ping Access for this purpose. I will do some more R&D on application proxy and present Client possible ways to achieve without Ping Access.
Feb 03 2019 09:18 PM - edited Feb 03 2019 09:20 PM
Thanks for your response and sharing you tube link. Yes, our authorization server is Azure AD and we are using OpenIdConnect for authentication. I do agree with you that we can achieve vpn-less access without Ping Access but this is our client's organization process of achieving it through Ping Access. I am planning to present possible solutions without ping access to client but in case they still use ping access then i will have to change implementation of my application because currently my application authorization server is Azure AD and we are using OAuth Authorization code grant flow and using OpenIDConnect for authentication. Once we receive the authorization code from Azure AD, we request for the access tokens from Azure AD for our different O365 applications (SharePoint, Graph etc.) registered in Azure AD.
After integration with Ping Access my understanding is that we will receive required tokens (authorization code & app tokens) from Ping federate for our different applications. Is my understanding correct?
Feb 07 2019 12:21 PM