
I am currently using the IIS URL Rewrite Module and Application Request Routing on a server in the DMZ to forward requests to a web application running on an internal server.

The application which is deployed on the internal server has SSO which includes Azure AD using OWIN pipeline and openIdConnect.

When a user selects the authenticate using AzureAD option, instead of being redirected to https://login.microsoftonline.com/<tenantname>/... they are redirected to http://my.company.com/<tenantname>/... where http://my.company.com is the URL used to access the application from the DMZ.

The SSO works for all internal instances, i.e. where requests are not being forwarded in a reverse proxy scenario.

Why is this happening when using URL Rewrite and ARR?

clD

1 Answer

Unchecking the Reverse rewrite host in response headers checkbox under Application Request Routing Cache > Server Proxy Settings solved this issue.

Reverse rewrite host in response headers (checked)

ARR will rewrite the host name in the location header of a 301 response to the original host.

Community
clD
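The following is an added example, not code from the question or answer and not ARR's implementation: a simplified Python model of the Location rewrite described above, next to a selective variant that rewrites only redirects naming the backend, which matters because with the checkbox unchecked the backend's own absolute redirects also pass through unrewritten. The backend host name and the sample URLs are constructed assumptions; `my.company.com` is taken from the question.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample values: my.company.com is from the question,
# the backend host name is hypothetical.
PUBLIC_ORIGIN = ("http", "my.company.com")
BACKEND_HOST = "app01.internal.example"
# Constructed sign-in redirect as the OWIN middleware would issue it.
IDP_REDIRECT = ("https://login.microsoftonline.com/tenantname/"
                "oauth2/authorize?client_id=constructed")


def blanket_rewrite(location, public_origin=PUBLIC_ORIGIN):
    """Model of the behaviour seen in the question: every absolute
    Location is pointed at the public origin, whatever host it named."""
    parts = urlsplit(location)
    if not parts.netloc:  # relative redirect: nothing to rewrite
        return location
    scheme, host = public_origin
    return urlunsplit((scheme, host, parts.path, parts.query, parts.fragment))


def selective_rewrite(location, backend_host=BACKEND_HOST,
                      public_origin=PUBLIC_ORIGIN):
    """Rewrite only redirects that name the backend itself and leave
    redirects to third parties (the identity provider) untouched."""
    parts = urlsplit(location)
    if (parts.hostname or "").lower() != backend_host.lower():
        return location
    return blanket_rewrite(location, public_origin)


def redirect_reaches_idp(location, idp_host="login.microsoftonline.com"):
    """Smoke-test check: does the sign-in redirect still go to the
    identity provider over HTTPS?"""
    parts = urlsplit(location)
    return parts.scheme == "https" and (parts.hostname or "").lower() == idp_host


if __name__ == "__main__":
    for name, fn in (("blanket", blanket_rewrite), ("selective", selective_rewrite)):
        out = fn(IDP_REDIRECT)
        print(f"{name:9} -> {out}  idp_ok={redirect_reaches_idp(out)}")
    print(selective_rewrite("http://app01.internal.example/Account/Login"))
```

Running `redirect_reaches_idp` against the `Location` header returned through the proxy is a quick regression check after any change to the ARR proxy settings.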