Entra application proxy to Business Central for single sign on Entra ID Users via External Public URL
Hi,
We have implemented Azure Entra Application Proxy in the environment together with Business Central to authenticate Entra ID Users to log in via the External URL from the Internet.
However, when accessing the External URL from the Internet, it's getting redirected to the Private URL of the Appl with error: AADSTS50011
When we add this Private URL 'https://PrivateURL:8443/ApplicaitonPage/SignIn' to the Azure Redirect URI page, it works fine when connecting from the internal network, as the private URL's DNS resolves and the authentication to Business Central using an Entra ID User is successful. But it fails when connecting from the public network, as the Private URL is not resolvable on the Internet.
Based on the below AADSTS50011 KB from Microsoft, it's due to the Reply URL that is triggered from the Business Central Application.

Late reply, but I found your post when trying to find a solution for this exact problem we had while testing the updated BC24 in UAT. BC18 used WSFederation, where you could define a fixed reply URI in the WSFederation settings. Now that WSFederation is no more and OpenID is used, this reply URI cannot be set in the options and the behavior we both experienced is kicking in.
Weirdly enough, we got it running by DISABLING the standard setting "Translate Urls in headers" in the advanced tab of the application proxy. No, I still can't explain why this would fix it, but it does. We updated the ticket with Microsoft with our finding and asked them to clarify why this actually fixes the problem, and I will update this here if and when I get the answer.
Hope this will be reproducible in your environment as well. Good luck!
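
A small diagnostic for the AADSTS50011 case in this thread, added here as an example and not posted by either participant: it pulls the `redirect_uri` out of the authorize request seen in a browser trace and reports whether it points at the external or the private URL and whether it is registered, which lets you compare the request before and after changing the proxy setting. The external host `bc.example.com`, the tenant and client id placeholders, and the function names are assumptions made for the example.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values. The private sign-in URL is the one quoted in the
# question; the external host, tenant and client_id are placeholders.
INTERNAL_URL = "https://PrivateURL:8443/"
EXTERNAL_URL = "https://bc.example.com/"
INTERNAL_SIGNIN = INTERNAL_URL + "ApplicaitonPage/SignIn"
EXTERNAL_SIGNIN = EXTERNAL_URL + "ApplicaitonPage/SignIn"


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)


def sample_authorize_url(redirect_uri):
    """Build a constructed authorize request like the one seen in a browser trace."""
    query = urlencode({
        "client_id": "00000000-0000-0000-0000-000000000000",
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": redirect_uri,
    })
    return "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize?" + query


def diagnose(authorize_url, registered, external_url, internal_url):
    """Report which URL the application sent as redirect_uri and whether it is registered."""
    sent = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [None])[0]
    if sent is None:
        return {"redirect_uri": None, "registered": False, "points_to": "missing"}
    if origin(sent) == origin(external_url):
        points_to = "external"
    elif origin(sent) == origin(internal_url):
        points_to = "internal"
    else:
        points_to = "other"
    # Assumption: registration is checked by exact string comparison.
    return {"redirect_uri": sent, "registered": sent in registered, "points_to": points_to}


if __name__ == "__main__":
    registered = [EXTERNAL_SIGNIN]  # only the public URL is registered
    for uri in (INTERNAL_SIGNIN, EXTERNAL_SIGNIN):
        print(diagnose(sample_authorize_url(uri), registered, EXTERNAL_URL, INTERNAL_URL))
```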