问题描述
我们现在使用Azure AD应用程序代理已超过一年,并且自过去两天开始随机返回302.
We are using Azure AD Application Proxy for over a year now and it started to return 302 randomly since the last 2 days.
我们通过App Proxy的外部网址访问我们内部托管的内部WebApi,我们使用访问令牌进行授权。
We are accessing our internal WebApi hosted on-premise through the App Proxy's external url and we use access token for authorization.
从上周日开始,它开始随机返回302 Found,类似于这样的响应:
Starting on last Sunday, it started to return 302 Found randomly, similar a response that look like this:
HTTP / 1.1 302 Found
内容长度:0
位置:https://login.microsoftonline.com/<tenantId>/oauth2/authorize?response_type=id_token&client_id=<clientId>& ;范围=的OpenID&安培;随机数= e7a73a84-926a-4666-a9b8-bae143c0ad08&安培; response_mode = form_post&安培; REDIRECT_URI = HTTPS%3A%2F%2F< externalName> .msappproxy.net%2F&安培;状态= AppProxyState%3A%7B%22InvalidTokenRetry% 22%3atrue%2C%22IsMsofba%22%3afalse%2C%22OriginalRawUrl%22%3A%22https%3A%5C%2F%5C%2F< externalName> .msappproxy.net%5C%2F<路径>%22%2c%22RequestProfileId%22%3a%2269a6ba6c-268e-4ede-9dd8-bdf57c31479c%22%7d%23EndOfStateParam%23
服务器:Microsoft-HTTPAPI / 2.0
Set-Cookie:AzureAppProxyAnalyticCookie_< ......> ;;路径= /
日期:星期二,2019年3月5日16:39:37 GMT
HTTP/1.1 302 Found
Content-Length: 0
Location: https://login.microsoftonline.com/<tenantId>/oauth2/authorize?response_type=id_token&client_id=<clientId>&scope=openid&nonce=e7a73a84-926a-4666-a9b8-bae143c0ad08&response_mode=form_post&redirect_uri=https%3a%2f%2f<externalName>.msappproxy.net%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3atrue%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2f<externalName>.msappproxy.net%5c%2f<path>%22%2c%22RequestProfileId%22%3a%2269a6ba6c-268e-4ede-9dd8-bdf57c31479c%22%7d%23EndOfStateParam%23
Server: Microsoft-HTTPAPI/2.0
Set-Cookie: AzureAppProxyAnalyticCookie_<......>; path=/
Date: Tue, 05 Mar 2019 16:39:37 GMT
当直接在浏览器中点击网址时,我们可以看到重定向到login.microsoftonline.com一秒钟,然后它重定向回原始网址并处理请求,然后我们得到我们预期的WebApi响应。
When hitting the url directly in the browser, we can see the redirect to login.microsoftonline.com for a second, then it redirects back to the original url and the request is processed, then we get our expected WebApi response.
之前没有重定向,这是新的。
There was no redirect before, this is new.
问题是当我们以编程方式进行调用时,我们设置了授权:持票人< access_token>标题,但我们也收到302,这打破了我们所有的应用程序。
The issue is when we're making the call programmatically, we set the Authorization: Bearer <access_token> header but we also receive the 302, this is breaking all our applications.
任何人都知道上周日Azure端可能发生重大变化的更新?
也许与Set-Cookie有关的东西:现在需要AzureAppProxyAnalyticCookie?
Anyone aware of an update with potentially a breaking changes happening on Azure side last Sunday?
Maybe something related to Set-Cookie: AzureAppProxyAnalyticCookie being required now?
有什么想法吗?
推荐答案
我也看到了有些客户在遇到此问题时会报告使用服务器的热修复。
I've also seen some customers report using a hot fix for the server when facing this problem.
如果您仍有问题,请随时通过[email protected]与我联系并向我发送订阅ID,以便我可以为您提供免费技术支持。
If you still have an issue feel free to reach out to me at [email protected] and send me your subscription ID so I can enable you for free technical support.
这篇关于Azure AD应用程序代理开始随机返回302重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!