How to troubleshoot ADFS OIDC connectivity

Question

I'm currently having a challenge trying to authenticate via OpenID Connect against an ADFS instance hosted in Azure. I have a server-based ASP.NET Core MVC app hosted on its own VM in Azure along with a proxy service (hosted on the same VM) that I'm using to route requests through from the app to ADFS. I can run the app and proxy on localhost and successfully connect to ADFS and display the login page, however, when I run my app and proxy from the Azure VM I get the error: "IDX20804: Unable to retrieve document from: [ADFS server]/adfs/.well-known/openid-configuration". I can directly browse to the OpenID Connect discovery document being served from my ADFS instance and display it. In terms of setup, I've registered my proxy as both a Server application and a Web API under Application Groups in ADFS. The Redirect URI in each case correctly points back to my proxy. Redirect URI is in the format: https://[public DNS name]:port. My MVC app has also been registered as a Relying Party Trust in ADFS. I did also try registering my MVC app as a Server application under Application Groups but this didn't make a difference. I did try and enable the Trace Log as outlined in MS docs but didn't get any logged information related to this issue.

Would really appreciate any info on how to troubleshoot this error and identify the root cause.

FYI - my ADFS product version is: 10.0.14393.4046

Answer 1

Problem solved. Had to update the inbound rules for the NIC on my ADFS VM to allow the request coming from the public IP of the VM hosting my MVC app. Once I did that, I was presented with the ADFS login screen via the OIDC request created from my proxy.