25,081 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 35%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHN%3C/text%3E%3C/svg%3E)
Were you able to determine the issue to get the headers to pass to your application? We are working through the same issue and can't get any useful headers.
Extracting headers, application proxy step 5.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 77%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
Jørgen Stamnes
1
Reputation point
Hi!
We have deployed a java-application (Groovy + grails) with an intent to test the functionality of Azure AD app proxy. Our last issue is extracting the header-based SSO information in the last step according to this guide: https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-single-sign-on-with-headers
We've followed the instructions and installed an app-proxy-connector, everything works as intended, but we are struggling to get information about whom the login-activity came from, hence we're stuck.
The documentation states the following:
- The Admin customizes the attribute mappings required by the application in the Azure AD portal. [Check]
- When a user accesses the app, Application Proxy ensures the user is authenticated by Azure AD [Check]
- The Application Proxy cloud service is aware of the attributes required. So the service fetches the corresponding claims from the ID token received during authentication. The service then translates the values into the required HTTP headers as part of the request to the Connector. [Check]
- The request is then passed along to the Connector, which is then passed to the backend application. [X]
- The application receives the headers and can use these headers as needed. [X]
Steps done so far.
- Launched an LINUX AMI Virtual Machine on Azure (Mimicking our on-premise environment)
- Deployed our Java-application to that machine (systemctl + HAproxy and our Ansible scripts.)
- Installed an connector to our virtual private network.
- Configured app-proxy to direct our request through our connector and into our Java-application
- Added header-based SSO. Configured the custom header to include the information we need.
We've removed all forms of authentication from our application, just to test the "design". However, monitoring HTTP-requests gives us no trace of usable headers that we can use in order to "confirm" the authentication in our Java-application.
What are we missing in this equation?
Microsoft Security Microsoft Entra Microsoft Entra ID
2 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 20%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWH%3C/text%3E%3C/svg%3E)
warrell Harries 1 Reputation point2022-01-06T10:48:40.753+00:00 I can get two headers user and userobject (but only by reading the server-side request headers). Originally i also got the groups but they seem to have disappeared and now I can't get any other headers except for the two mentioned. THIS DOESN'T WORK AS ADVERTISED AND IS COSTING ME A LOT OF TIME IN CONTINUAL EXPERIMENTATION