Azure AD App Proxy Question

Irish84 1 Reputation point
2021-05-18T15:14:24.113+00:00

Hi All,

I want to set up Azure Application Proxy to provide access to our time and attendance system for users to book holidays outside the office. Internally they go to http://servername/TMSV8/tms/, and I've added that in as the internal URL in Azure. When I go to the external link to test, it brings me to the TMS login page. I enter a test employee's login details and then get an HTTP Error 403.0 - Forbidden. I've allowed the required URLs through the firewall but it still didn't work. Doing a bit of research I found "Make sure Port 80 and 443 is allowed outbound to Azure Proxy Services". Would anyone know what the Azure Proxy Services are, as I don't want to open port 80 to the wild?

Microsoft Entra ID

1 answer

  1. Siva-kumar-selvaraj 15,566 Reputation points
    2021-06-04T17:57:49.873+00:00

    Hello @Irish84 ,

    Thanks for reaching out, and sincere apologies for the delay on this. We are constantly trying to reduce our answer time, and in the coming days you will see a significant improvement here. So we appreciate you posting your future queries here.

    You just have to open port 80/HTTP from the firewall only to these URLs, not your internal app URL, because the connector uses these URLs to verify certificates.

    HTTP Error 403.0 - Forbidden is more related to, and caused by, the user not being authorized to access the application. This error can happen either when the user is not assigned to the application in Azure Active Directory, or if on the backend the user does not have permission to access the application.

    In addition to that, you may have problems with your application rendering or functioning incorrectly without receiving specific error messages. This can occur if you published the article path, but the application requires content that exists outside that path.

    For example, if you publish the path https://yourapp/app but the application calls images in https://yourapp/media, they won't be rendered. Make sure that you publish the application using the highest level path you need to include all relevant content. In this example, it would be http://servername/ instead of http://servername/TMSV8/tms/.

    Here is detailed troubleshooting guidance:

    https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-sign-in-bad-gateway-timeout-error
    https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-troubleshoot

    Hope this helps.

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
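
The published-path point in the answer above can be checked before changing the internal URL. The following is an added example, not part of the original thread or any Microsoft tooling: it parses a saved copy of an application page, lists same-host resources that fall outside the published internal path, and reports the narrowest path that would cover them, so no more of the server is published than the page needs. The sample HTML, the function name `audit_published_path` and the file layout under `/TMSV8/` are assumptions constructed for illustration; content loaded dynamically by scripts is not detected.

```python
from html.parser import HTMLParser
from posixpath import commonpath
from urllib.parse import urljoin, urlsplit

# Constructed sample page, not taken from the real TMS application.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="css/site.css">
<script src="/TMSV8/scripts/app.js"></script>
</head><body>
<form action="login.aspx" method="post"></form>
<img src="/TMSV8/media/logo.png">
<a href="https://vendor.example/help">Help</a>
<a href="mailto:hr@example.com">HR</a>
</body></html>
"""

class RefCollector(HTMLParser):
    """Collect the values of src, href and action attributes."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        self.refs += [v for k, v in attrs if k in ("src", "href", "action") and v]

def audit_published_path(internal_url, page_html):
    """Return (same-host URLs outside the published path, narrowest covering URL)."""
    base = urlsplit(internal_url)
    prefix = base.path.rstrip("/") + "/"
    collector = RefCollector()
    collector.feed(page_html)
    uncovered, paths = [], [prefix]
    for ref in collector.refs:
        target = urlsplit(urljoin(internal_url, ref))
        # Skip mailto:/javascript: links and other hosts (separate published apps).
        if target.scheme not in ("http", "https") or target.netloc != base.netloc:
            continue
        paths.append(target.path or "/")
        if not (target.path + "/").startswith(prefix):
            uncovered.append(target.geturl())
    narrowest = f"{base.scheme}://{base.netloc}{commonpath(paths).rstrip('/')}/"
    return uncovered, narrowest

if __name__ == "__main__":
    missing, narrowest = audit_published_path("http://servername/TMSV8/tms/", SAMPLE_HTML)
    print("Outside published path:", missing)
    print("Narrowest path covering this page:", narrowest)
```

Run it against the HTML of each page users reach after login; an empty first result means the currently published path already covers that page's static references.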