Missing IWA and Application Proxy screen problem

Question

I'm trying to add AAD Application Proxy settings to an existing enterprise app registration. I suspect this app was registered differently than others I've configured App Proxy for. On the "Single Sign-On" screen the disabled and SAML tiles are there, but not the IWA or Header tiles. On the "application proxy" screen an error message that says, "Unable to complete due to service connection error. Please try again later." is shown. Any idea why this app is missing or erroring on these screens and if it can be changed to get these settings to work?

Answer 1

Hello, Are you sure you have the right permissions to access the application proxy? I.e. in the IAM section for the enterprise application you have the correct rulings to work with the application proxy?

If you're still having an issue here, please email AzCommunity[at]microsoft[dot]com and I can enable a one time free support ticket. Please provide your Azure Subscription GUID and a reference to this thread. And hopefully we can get you on the right path again soon. 

Please see : https://blogs.msdn.microsoft.com/mschray/2016/03/18/getting-your-azure-subscription-guid-new-portal/

On how to get a subscription GUID.

In addition to that once you are able to resolve your issue with the support engineer, please post your response on this thread so that future readers will be able to benefit from your solution. 

Answer 2

Is this application added as an On-premises Application to your tenant. In order to use Application Proxy you need to add your enterprise application as On-premises applications. Once you add your on-premises application to your directory then you would be able to see the Application proxy tab to configure the proxy for the application. Please refer to the documentation - Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory

Answer 3

"the right permissions to access the application proxy?"

I'm a global administrator, and I'm not sure what you mean by "IAM section for the enterprise application". User assignment isn't required in the application properties and the "permissions" doesn't seem relivant.

To answer the question in another response, I don't know how the application was added. It was done by someone else that isn't accessible.

I decided to create a new on-premises application to setup the application proxy. This is for an on-prem SharePoint installation. Frankly, I don't whether or not this matters, because I don't totally understand where the permissions applied to the original "application" apply and where permissions for this application created for application proxy apply. My understanding is that the identity of the original application is used in javascript widgets on some SharePoint pages and allows for delegation of permissions to other Azure AD access controlled in-house applications.

This isn't really an answer,but the comment functionality doesn't seem to work. Clicking the submit button does nothing.

Answer 4

Sorry to hijack this thread, but I am wondering if you were able to make any progress? The even stranger thing in my case is that I was previously able to access the AA Proxy blade for this integration but it suddenly threw the same error (behaviour as above) and I haven't been able to get back into the blade.

I am able to access the AA Proxy blade for our other handful of apps using the AA Proxy however and I am using a GA account so perms shouldn't be an obstacle.

Thanks,

Chris

Answer 5

Was there ever a solution or at least an explanation for this problem? We are experiencing the same issue as Chris Wallace with an app proxy that worked for a year. Now, we can't access both the app proxy and its configuration,

Michael