I am trying to take the APIs we host in our local data center and publish them to the WWW with an Azure App Proxy. Conceptually it makes sense, however I am running into issues with authentication. Here’s a diagram of my basic architecture:
I can authenticate into Azure AD the first time, but it appears that after the initial Azure AD authentication PSU gets hung up on the OIDC authentication. I believe that PSU is trying to authenticate again to Azure AD. I get a 500 error when I browse to my Azure Enterprise App URL.
To test this out I disabled OIDC and was able to browse to the external login page for PSU without an issue.
So my question becomes twofold:
1. Is there a way to pass the auth token from the first Azure AD session so we aren’t doing OIDC the second time?
2. If I want to enforce MFA and allow users and computers to access my on-prem instance of PSU (APIs and Dashboards), is this the best approach? Or should I just turn off OIDC and control everything from the App Proxy?
Comments and suggestions welcome - thanks
Product: PowerShell Universal Version: 2.5.2
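The first question above comes down to what the token that arrives at PSU after the App Proxy sign-in actually says: whether it was issued by your tenant, whether it is scoped to the PSU app registration, whether it is still valid, and whether Azure AD recorded a multi-factor sign-in. The PowerShell below is an added example, not code from the original post or from PowerShell Universal; it decodes the claims of an Azure AD JWT and checks exactly those points, using a constructed sample token. The tenant ID, client ID and user name are placeholders. The signature is not verified here; before trusting any claim in production the RS256 signature must be checked against the tenant's published JWKS, which this offline example deliberately leaves out.

```powershell
# Added example (not from the original post or from PowerShell Universal).
# Decodes an Azure AD JWT and checks the claims a relying party behind
# Azure App Proxy would care about before deciding whether the caller
# already holds a usable token. No signature verification is performed
# here; verify the RS256 signature against the tenant's JWKS in production.

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # JWT segments are base64url without padding; restore standard base64.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Value)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (expected header.payload.signature)' }
    [pscustomobject]@{
        Header  = ConvertFrom-Base64Url $parts[0] | ConvertFrom-Json
        Payload = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    }
}

function Test-AzureAdToken {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$TenantId,   # assumption: your tenant GUID
        [Parameter(Mandatory)][string]$Audience,   # assumption: client ID of the PSU app registration
        [switch]$RequireMfa                         # reject tokens whose amr claim lacks 'mfa'
    )
    $jwt = Get-JwtClaims -Token $Token
    $p = $jwt.Payload
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    $problems = @()

    # Azure AD uses one of two issuer formats depending on the token version.
    $validIssuers = @("https://login.microsoftonline.com/$TenantId/v2.0", "https://sts.windows.net/$TenantId/")
    if ($validIssuers -notcontains $p.iss) { $problems += "issuer '$($p.iss)' is not tenant $TenantId" }
    if ($p.aud -ne $Audience) { $problems += "audience '$($p.aud)' is not the PSU app registration" }
    if ($p.exp -le $now) { $problems += "token expired at $([DateTimeOffset]::FromUnixTimeSeconds($p.exp).UtcDateTime)" }
    if ($p.nbf -and $p.nbf -gt $now) { $problems += 'token is not yet valid (nbf in the future)' }
    if ($RequireMfa -and ($p.amr -notcontains 'mfa')) { $problems += "no MFA recorded in amr claim ($($p.amr -join ','))" }

    [pscustomobject]@{
        Subject  = $p.preferred_username
        Alg      = $jwt.Header.alg
        Valid    = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# --- Constructed sample token (placeholder IDs; the signature segment is not a real RS256 signature) ---
$tenant   = '00000000-0000-0000-0000-000000000001'
$clientId = '11111111-1111-1111-1111-111111111111'
$payload = @{
    iss = "https://login.microsoftonline.com/$tenant/v2.0"
    aud = $clientId
    exp = [DateTimeOffset]::UtcNow.AddMinutes(30).ToUnixTimeSeconds()
    nbf = [DateTimeOffset]::UtcNow.AddMinutes(-1).ToUnixTimeSeconds()
    preferred_username = 'user@contoso.example'
    amr = @('pwd', 'mfa')
} | ConvertTo-Json -Compress
$sampleToken = (ConvertTo-Base64Url '{"alg":"RS256","typ":"JWT"}') + '.' +
               (ConvertTo-Base64Url $payload) + '.' +
               (ConvertTo-Base64Url 'placeholder-signature')

# Valid: right tenant, right audience, unexpired, MFA present.
Test-AzureAdToken -Token $sampleToken -TenantId $tenant -Audience $clientId -RequireMfa

# Invalid: same token presented to a different app registration; Problems lists the audience mismatch.
Test-AzureAdToken -Token $sampleToken -TenantId $tenant -Audience '22222222-2222-2222-2222-222222222222' -RequireMfa
```

The point of the `aud` check is the crux of the double-sign-in problem: a token minted for the App Proxy enterprise application is not automatically acceptable to a second OIDC relying party with its own client ID, so the two registrations (or the audience PSU expects) have to line up before the first session's token can be reused rather than triggering a fresh OIDC challenge.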