Can we use the Application Gateway itself to publish the internal ADFS servers without using a Web Application Proxy server, to eliminate the complexity and reduce the infrastructure requirements? I have seen articles on using other WAF devices like NetScaler or Fortinet; will this be possible with the Application Gateway?
Azure Application Gateway Adfs
When the incoming X-ORIGINAL-HOST is s4hanatesting.eastus2.cloudapp.azure.com, it will set the host header to s4hanatesting.eastus2.cloudapp.azure.com.

After performing the above step, run the proxy test again (_test/test_proxy.htm). As you can now see, the Application Gateway HTTP host header is preserved in Web Dispatcher.

So now the question arises: should HTTPURLLOC be maintained in the AS ABAP system or not? The HTTPURLLOC table must be configured if no Web Dispatcher Access Points are used, or in all cases where the start URL must be generated by the AS ABAP system itself.

In our example, Web Dispatcher Access Points are being used because we maintained the wdisp/handle_webdisp_ap_header = 1 parameter in Web Dispatcher (as mentioned in the earlier blog). However, when the ABAP system starts a BSP application on its own, for example via transaction code SAML2 or SOAMANAGER, there is no incoming HTTP request and thus no information is available about the proxy. If such a scenario is to be supported, the relevant information must be configured in HTTPURLLOC.

NOTE: The sort sequence matters when a start URL is generated: the first entry in the sort sequence is used to build the URL. So, if start URLs are always to be generated via the proxy, place those entries first. In our case, when we enter the SOAMANAGER transaction in the ABAP system, it will always open the application using the s4hanatesting host and port.

Run the proxy test again. We can now see that all reverse proxy configuration tests pass.
Creating new custom roles can be tricky, but it can be accomplished by editing the application's manifest. Read more at: -us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps
There are other common causes of 502 errors, such as NSG, User Defined Route, custom DNS, health probe, and empty BackendAddressPool issues. See the troubleshooting guide for solutions: -us/azure/application-gateway/application-gateway-troubleshooting-502
If you check the backend health of the application gateway, you will see an error like this: "The root certificate of the server certificate used by the backend does not match the trusted root certificate added to the application gateway. Ensure that you add the correct root certificate to whitelist the backend."
When you deploy to the App Service, it is likely that the application is recycled, and while it warms up the gateway will return 502 errors until the application is completely up and running.