Can't redirect correctly after SSO in Edge on an iOS device that has Intune installed and a corp. VPN that forces Edge to go via the VPN

Michelle Zhang 0 Reputation points
2024-08-30T08:19:30.7433333+00:00

Background:

  • My Web App:

    React + msal-react / msal-browser for AD login

  • Azure AD

    registered a client app for my frontend login and set the redirect URL

  • How it works:

    when the user logs in, my frontend communicates with AD directly via the msal instance

    once AD has logged the user in and redirected back to my page,

    my frontend calls the backend with the idToken, and the backend extracts user info from the idToken and creates my own cookie session for the following requests.

  • On the iOS device

    I have installed Intune for my corporate login, which installs e.g. MS Defender on my device after login, and an extra VPN is also set up which forces Edge to go through mtunnel (type: scmx). This is only for PRODUCTION.

Test Case

My app works well in any browser on desktop with the corp login (in testing/prod env)

My app works in other browsers on the iOS device (coz' they don't go through the VPN)

In Edge, when I click login, it goes through the SSO, yet I can't get a correct response from Azure AD for the logged-in user, and my page keeps waiting for the AD response.

According to some captured requests from Edge, I can see it makes lots of requests for the login, and I can even see some requests go through a WSS API and a PUT to https://emea.presence.teams.microsoft.com/v1/me/endpoints. After that, I can see a (null) (null) request. I don't know what it is, but I wonder if this is the request that is trying to call my backend yet fails, because Edge didn't get the correct redirect URL since it's not going through my client application registered in the corp tenant. This only happens in my client's network; we can't simulate it in any testing env coz' we don't have an actual production account for testing corp. login and no Intune setup.

Please advise how I can troubleshoot this issue and how to solve it. Thanks

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Edge | Microsoft Edge development

1 answer

  1. Anonymous
    2024-09-02T07:25:54.48+00:00

    Hi @Michelle Zhang,

    Please make sure you have added the broker application (like Company Portal or Microsoft Authenticator) to the VPN list, so they are permitted to use the VPN. Otherwise, the authentication should be blocked.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards,

    Shijie Li
