We are trying to establish SSO from Azure AD to an application, with a proxy in the middle. Assume the application URL is: example.app.com and the proxy URL is example.proxy.com. We would like Azure AD to send the SAML Response to example.proxy.net instead of sending it to example.app.com.
We were able to make this setup work in Okta, by setting the following values on our SAML 2.0 application:
Single sign on URL: https://example.proxy.net/login
Recipient URL: https://example.app.com/login
Destination URL: https://example.app.com/login
Audience URI (SP Entity ID): https://example.app.com/login
As you can see, we override the Single sign on URL with the proxy URL and then have to explicitly set the rest of the URLs in order for the SAML assertion to be accepted by the application. In Okta, the description of the Single sign-on field says: "The location where the SAML assertion is sent with a HTTP POST. This is often referred to as the SAML Assertion Consumer Service (ACS) URL for your application."
We are trying to recreate the same setup in Azure AD using an Enterprise Application but we can't find the equivalent field in Azure to Okta's Single sign-on in order for Azure to send the HTTP POST to our proxy. Can you help us find that field?
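
The following is an added example, not part of the original post. It shows why the Okta setup keeps Recipient, Destination and Audience pointed at the application even though the POST goes to the proxy. It assumes the application runs the usual SAML service-provider checks on those three fields; `check_addressing` is a hypothetical helper and the response is a constructed, unsigned sample.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values from the post: the IdP POSTs to the proxy, but the assertion names the app.
PROXY_POST_URL = "https://example.proxy.net/login"
APP_ACS_URL = "https://example.app.com/login"
APP_ENTITY_ID = "https://example.app.com/login"

# Constructed sample response, trimmed to the addressing fields (no signature).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{APP_ACS_URL}">
  <saml:Assertion>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{APP_ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>{APP_ENTITY_ID}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_addressing(response_xml, acs_url, entity_id):
    """Return the addressing fields that do not match the SP's own URLs."""
    root = ET.fromstring(response_xml)  # signature validation is out of scope here
    errors = []
    if root.get("Destination") != acs_url:
        errors.append("Destination")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if not recipients or any(r != acs_url for r in recipients):
        errors.append("Recipient")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        errors.append("Audience")
    return errors


if __name__ == "__main__":
    # Forwarded by the proxy unchanged: every field names the app, so it passes.
    print(check_addressing(SAMPLE_RESPONSE, APP_ACS_URL, APP_ENTITY_ID))
    # Same response stamped with the proxy URL instead: the app rejects all three.
    stamped = SAMPLE_RESPONSE.replace(APP_ACS_URL, PROXY_POST_URL)
    print(check_addressing(stamped, APP_ACS_URL, APP_ENTITY_ID))
```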