Irish84-9974 asked sikumars commented

Azure AD App Proxy Question

Hi All,

I want to set up Azure application proxy to provide access to our time and attendance system for users to book holidays outside the office. Internally they go to http://servername/TMSV8/tms/. I've added that in as the internal URL in Azure. When I go to the external link to test, it brings me to the TMS login page; I enter a test employee's login details and then get an HTTP Error 403.0 - Forbidden. I've allowed the required URLs into the firewall but it still didn't work. Doing a bit of research I found "Make sure Port 80 and 443 is allowed outbound to Azure Proxy Services". Would anyone know what the Azure Proxy Services are, as I don't want to open port 80 to the wild?

azure-active-directory azure-ad-application-proxy

Just checking in to see if the below answer helped. If this answers your query, please don't forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And if you have any further queries, do let us know.
Thanks, Siva Kumar Selvaraj


1 Answer

sikumars answered sikumars commented

Hello @Irish84-9974,

Thanks for reaching out, and sincere apologies for the delay on this. We are constantly trying to reduce our answer time, and in the coming days you will see a significant improvement here. So we appreciate you posting your future queries here.

You just have to open port 80/HTTP on the firewall only to these URLs, not your internal app URL, because the connector uses these URLs to verify certificates.

HTTP Error 403.0 - Forbidden is more related to, and caused by, the user not being authorized to access the application. This error can happen either when the user is not assigned to the application in Azure Active Directory, or if on the backend the user does not have permission to access the application.

In addition to that, you may have problems with your application rendering or functioning incorrectly without receiving specific error messages. This can occur if you published the article path, but the application requires content that exists outside that path.

For example, if you publish the path https://yourapp/app but the application calls images in https://yourapp/media, they won't be rendered. Make sure that you publish the application using the highest level path you need to include all relevant content. In this example, it would be http://servername/ instead of http://servername/TMSV8/tms/.

Here is detailed troubleshooting guidance:

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-sign-in-bad-gateway-timeout-error
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-troubleshoot

Hope this helps.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
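The published-path point in the answer above can be checked before changing the App Proxy configuration. The following is an added example, not part of the original answer and not Microsoft tooling: it takes the internal URL from the question and a constructed list of URLs the application requests (for instance collected from a browser network trace), reports the ones that fall outside the published path, and computes the highest-level path that would cover them all. All function names and sample URLs other than `http://servername/TMSV8/tms/` are assumptions.

```python
from posixpath import commonpath, normpath
from urllib.parse import urlsplit

PUBLISHED = "http://servername/TMSV8/tms/"  # internal URL from the question

# Constructed sample of URLs the app might request; replace with a real trace.
SAMPLE_REQUESTS = [
    "http://servername/TMSV8/tms/login.aspx",
    "http://servername/TMSV8/tms/../scripts/app.js",  # resolves outside /tms
    "http://servername/media/logo.png",
    "http://SERVERNAME/TMSV8/tms/holiday/book",       # host match is case-insensitive
]

def _parts(url):
    """Return (scheme, host[:port], normalized path) for comparison."""
    u = urlsplit(url)
    return u.scheme.lower(), u.netloc.lower(), normpath(u.path or "/")

def is_covered(published, requested):
    """True if `requested` lies under the published internal URL's path."""
    ps, ph, pp = _parts(published)
    rs, rh, rp = _parts(requested)
    if (ps, ph) != (rs, rh):
        return False
    if pp == "/":
        return True
    # Match on a segment boundary so /TMSV8/tms does not cover /TMSV8/tmsold.
    return rp == pp or rp.startswith(pp + "/")

def outside_published_path(published, requested_urls):
    """URLs the proxy would not serve because they sit outside the published path."""
    return [u for u in requested_urls if not is_covered(published, u)]

def minimal_publish_path(published, requested_urls):
    """Highest-level internal URL covering the published path and all same-host requests."""
    ps, ph, pp = _parts(published)
    paths = [pp]
    for u in requested_urls:
        rs, rh, rp = _parts(u)
        if (rs, rh) == (ps, ph):
            paths.append(rp)
    return f"{ps}://{ph}{commonpath(paths).rstrip('/')}/"

if __name__ == "__main__":
    for url in outside_published_path(PUBLISHED, SAMPLE_REQUESTS):
        print("not covered:", url)
    print("publish instead:", minimal_publish_path(PUBLISHED, SAMPLE_REQUESTS))
```

Everything under the suggested path becomes reachable through the proxy, so review what else lives there on the server before widening the published URL.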


Hello @sikumars-msft

On the firewall, all that needs to be done is opening port 80 and 443 to the URLs outlined in the Microsoft document?


Yes, you are right: just open ports 80 and 443 to the URLs outlined in the Microsoft document. Hope this helps.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Hope the above answer helped you; please don't forget to click Accept the answer and Up-Vote. Thanks.
