Azure Active Directory integration with On Prem application

sagar sawant 31 Reputation points
2021-07-22T09:24:57.82+00:00

Hi All,
I am new to Azure world so apologies if I am repeating the question. I tried to search for similar questions but didn't find the answer.
My condition is as below

I have a setup which is entirely on prem. I have an Ubuntu VM where my application is hosted. The application does provide the feature to integrate with SAML2.
I don't have any local Active Directory setup and I want to use Azure Active Directory. I configured my Azure AD by registering a new Enterprise application. Since I am using an application which is hosted on my VM, I am accessing it using the http://localhost:8088 URL. My VM is not accessible on the internet. My understanding is that to configure or use Azure AD with an on-prem application the URL of the application should be accessible via the Internet. Is my understanding correct? As of now, when I am trying to configure the Identity URL in the Enterprise application it is using localhost (this is returned by default by my application).

Regards
Sagar


Accepted answer
Siva-kumar-selvaraj 15,636 Reputation points
2021-07-27T05:58:05.903+00:00

Are you able to test application sign-in from the same VM? Because when you try accessing it from the same VM the request doesn't leave the VM, so you can isolate the issue. If you get a login failure on the same VM then this might be caused by a different issue than port 8088.

To learn more, see: Debug SAML-based single sign-on to applications in Azure Active Directory
Troubleshoot SAML-based single sign-on in Azure Active Directory

    Hope this helps.

    Regards,
    Siva


1 additional answer
Siva-kumar-selvaraj 15,636 Reputation points
2021-07-23T19:09:34.737+00:00

    Hello @sagar sawant ,

Welcome to the Azure world, and we are happy to help you out!!

It's not necessary for your application to be Internet facing always, because it depends on how end users are going to access your application: from the same network where the application is hosted (like within Corp, through a VPN network etc.) or connecting over the internet?

Let's say:

• If end users are accessing your application from the same network where the application is hosted (like within Corp, through a VPN network etc.), then your application doesn't have to be internet facing; as long as users are able to access the Azure AD authentication endpoint as well as the application URL, it should work. It's worth referring to this article. (OR)
• If end users are accessing your application over the internet, then the application must be Internet facing, because external users can't get direct access to your internal resources.

Therefore, in the second scenario mentioned above, you need to set up the environment (Domain Name, Public IP, firewall security aspects) to make the internal application available externally. In case you don't have this setup in place for external access, you can use Azure Active Directory's Application Proxy, which provides secure remote access to on-premises web applications. To learn more, refer to:

    https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy

    Hope this helps.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
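The two scenarios above come down to one question: can the user's browser reach both the Azure AD sign-in endpoint and the app's SAML Assertion Consumer Service (Reply) URL, since in SAML the browser, not Azure AD, carries the response back to the app. The following added example (not from the thread or from Microsoft) parses a constructed SP metadata document, compares its entity ID and ACS URL against the Identifier and Reply URL you would enter in the Azure AD enterprise app, and classifies who can complete the sign-in based on the ACS host; the metadata, hosts and function names are assumptions for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET  # for untrusted metadata, prefer defusedxml
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample SP metadata: entity ID and ACS default to localhost,
# matching the situation described in the question.
SAMPLE_SP_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="{MD}" entityID="http://localhost:8088/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:8088/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_sp_metadata(xml_text):
    """Return (entityID, first AssertionConsumerService Location) from SP metadata."""
    root = ET.fromstring(xml_text)
    acs = root.find(f"{{{MD}}}SPSSODescriptor/{{{MD}}}AssertionConsumerService")
    return root.get("entityID"), acs.get("Location")


def acs_reach_scope(acs_url):
    """Classify which browsers can POST the SAML response to this ACS host."""
    host = urlsplit(acs_url).hostname
    if host == "localhost":
        return "same-host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "dns-dependent"  # resolvability decides: internal DNS vs public DNS
    if ip.is_loopback:
        return "same-host"
    if ip.is_private:
        return "same-network"  # corp LAN or VPN only, per the first scenario
    return "internet"  # public address: the second scenario


def check_azure_ad_config(sp_metadata, identifier, reply_url):
    """Compare the Azure AD app's Identifier / Reply URL with what the SP emits."""
    entity_id, acs_url = parse_sp_metadata(sp_metadata)
    findings = []
    if identifier != entity_id:
        findings.append(f"Identifier mismatch: Azure AD {identifier} vs SP {entity_id}")
    if reply_url != acs_url:
        findings.append(f"Reply URL mismatch: Azure AD {reply_url} vs SP {acs_url}")
    scope = acs_reach_scope(acs_url)
    if scope == "same-host":
        findings.append("ACS is loopback: sign-in only works from a browser on the VM itself")
    return scope, findings
```

A "same-host" result is exactly the case the accepted answer suggests testing from the VM itself; moving to "same-network" or "internet" means changing the app's base URL and the Azure AD Reply URL together.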
