Azure AAD login is giving 302 Invalid Token Retry

Sweha 6 Reputation points
2021-02-27T20:19:55.087+00:00

We have two Application Proxy applications, A (external URL: https://a.appproxy.com) and B (https://b.appproxy.com), both under the Azure AD SSO Preauth. Users can log in to both of them individually in two different browser sessions, where they get prompted for Azure AD credentials followed by a verification code. A has some logic that makes REST service requests to B. A and B internally point to two applications that are on two different servers. A user who logs in to https://a.appproxy.com from an external network gets a 302 URL redirect for https://b.appproxy.com/services. This is what is captured through Fiddler. In the browser console, it points to a CORS error. If the user opens another browser session, authenticates to https://b.appproxy.com, and goes back to the browser session for https://a.appproxy.com, then the page for application A loads fine with all the data. If the user logs in from the organization network with the external URL, there is no issue. How can this issue be resolved so that when the user logs in to application A, it delegates the authentication to application B and is able to authenticate using the same credential token? The IIS of both applications is configured to use Windows authentication, and their app pool runs as a domain or service account.

Thanks!

Microsoft Entra ID

1 answer

  1. Siva-kumar-selvaraj 15,546 Reputation points
    2021-03-01T10:56:26.903+00:00

    Hello @Sweha ,

    Thanks for reaching out.

    I can think of two different potential issues in this scenario: one is "Invalid Token" and the second one is "CORS issue".

    The Invalid Token error might have been caused by incorrect Kerberos constrained delegation for Application Proxy; read this article for troubleshooting Kerberos constrained delegation.

    For the CORS issue, the following article is worth checking out, as it speaks about common issues and resolutions: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-understand-cors-issues

    Hope this helps.

    Do let us know if this helps, and if there are any more queries around this, please let us know so that we can help you further. Also, please do not forget to accept the response as an Answer if the above response helped in answering your query.
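
To tell the sign-in redirect described in the question apart from a plain CORS header problem, the captured response for each call from A to B can be classified as below. This is an added example, not part of the thread or of any Microsoft tooling; it assumes the pre-authentication redirect points at login.microsoftonline.com and that A calls B with cookies included, and the sample captures are constructed.

```javascript
// Added triage example (not from the thread). Inputs are constructed samples
// shaped like the request/response pairs visible in a Fiddler capture.
const SIGN_IN_HOSTS = ["login.microsoftonline.com"]; // assumption: Entra ID sign-in host

function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key ? headers[key] : undefined;
}

// Classify one cross-origin call made by application A's page to application B.
function classifyExchange({ pageOrigin, status, headers }) {
  const location = header(headers, "Location");
  if (status >= 300 && status < 400 && location) {
    let host = null;
    try { host = new URL(location).hostname; } catch { /* relative or malformed URL */ }
    // A redirect to the sign-in host means the browser holds no session for B yet;
    // a background XHR/fetch cannot complete an interactive sign-in, so it fails.
    return host && SIGN_IN_HOSTS.includes(host) ? "preauth-redirect" : "other-redirect";
  }
  if (status >= 400) return "http-error";
  const allow = header(headers, "Access-Control-Allow-Origin");
  // Calls that carry cookies need the exact page origin echoed back;
  // browsers reject a "*" wildcard for credentialed requests.
  if (allow !== pageOrigin) return "cors-origin-not-allowed";
  const creds = String(header(headers, "Access-Control-Allow-Credentials")).toLowerCase();
  return creds === "true" ? "ok" : "cors-credentials-not-allowed";
}

// Constructed samples; the tenant segment is a placeholder.
const A = "https://a.appproxy.com";
const SAMPLES = {
  noSessionForB: { pageOrigin: A, status: 302, headers: {
    Location: "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/oauth2/authorize" } },
  wildcardCors: { pageOrigin: A, status: 200, headers: { "access-control-allow-origin": "*" } },
  noCredentialsHeader: { pageOrigin: A, status: 200, headers: {
    "Access-Control-Allow-Origin": A } },
  sessionForB: { pageOrigin: A, status: 200, headers: {
    "Access-Control-Allow-Origin": A, "Access-Control-Allow-Credentials": "true" } },
};

function classifyAll(samples) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, ex]) => [name, classifyExchange(ex)]));
}

console.log(classifyAll(SAMPLES));
```

A "preauth-redirect" result matches the behaviour in the question, where the page works once a session for https://b.appproxy.com already exists in the browser.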