本文介绍了Azure AD应用程序代理开始随机返回302重定向的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们现在使用Azure AD应用程序代理已超过一年,并且自过去两天开始随机返回302.

We are using Azure AD Application Proxy for over a year now and it started to return 302 randomly since the last 2 days.

我们通过App Proxy的外部网址访问我们内部托管的内部WebApi,我们使用访问令牌进行授权。 

We are accessing our internal WebApi hosted on-premise through the App Proxy's external url and we use access token for authorization. 

从上周日开始,它开始随机返回302 Found,类似于这样的响应:

Starting on last Sunday, it started to return 302 Found randomly, similar a response that look like this:

HTTP / 1.1 302 Found

内容长度:0

位置:https://login.microsoftonline.com/<tenantId>/oauth2/authorize?response_type=id_token&client_id=<clientId>& ;范围=的OpenID&安培;随机数= e7a73a84-926a-4666-a9b8-bae143c0ad08&安培; response_mode = form_post&安培; REDIRECT_URI = HTTPS%3A%2F%2F< externalName> .msappproxy.net%2F&安培;状态= AppProxyState%3A%7B%22InvalidTokenRetry% 22%3atrue%2C%22IsMsofba%22%3afalse%2C%22OriginalRawUrl%22%3A%22https%3A%5C%2F%5C%2F< externalName> .msappproxy.net%5C%2F<路径>%22%2c%22RequestProfileId%22%3a%2269a6ba6c-268e-4ede-9dd8-bdf57c31479c%22%7d%23EndOfStateParam%23

服务器:Microsoft-HTTPAPI / 2.0

Set-Cookie:AzureAppProxyAnalyticCookie_< ......> ;;路径= /

日期:星期二,2019年3月5日16:39:37 GMT

HTTP/1.1 302 Found
Content-Length: 0
Location: https://login.microsoftonline.com/<tenantId>/oauth2/authorize?response_type=id_token&client_id=<clientId>&scope=openid&nonce=e7a73a84-926a-4666-a9b8-bae143c0ad08&response_mode=form_post&redirect_uri=https%3a%2f%2f<externalName>.msappproxy.net%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3atrue%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2f<externalName>.msappproxy.net%5c%2f<path>%22%2c%22RequestProfileId%22%3a%2269a6ba6c-268e-4ede-9dd8-bdf57c31479c%22%7d%23EndOfStateParam%23
Server: Microsoft-HTTPAPI/2.0
Set-Cookie: AzureAppProxyAnalyticCookie_<......>; path=/
Date: Tue, 05 Mar 2019 16:39:37 GMT

当直接在浏览器中点击网址时,我们可以看到重定向到login.microsoftonline.com一秒钟,然后它重定向回原始网址并处理请求,然后我们得到我们预期的WebApi响应。

When hitting the url directly in the browser, we can see the redirect to login.microsoftonline.com for a second, then it redirects back to the original url and the request is processed, then we get our expected WebApi response.

之前没有重定向,这是新的。

There was no redirect before, this is new.

问题是当我们以编程方式进行调用时,我们设置了授权:持票人< access_token>标题,但我们也收到302,这打破了我们所有的应用程序。

The issue is when we're making the call programmatically, we set the Authorization: Bearer <access_token> header but we also receive the 302, this is breaking all our applications.

任何人都知道上周日Azure端可能发生重大变化的更新?

也许与Set-Cookie有关的东西:现在需要AzureAppProxyAnalyticCookie?

Anyone aware of an update with potentially a breaking changes happening on Azure side last Sunday?
Maybe something related to Set-Cookie: AzureAppProxyAnalyticCookie being required now?

有什么想法吗?

推荐答案

我也看到了有些客户在遇到此问题时会报告使用服务器的热修复。

I've also seen some customers report using a hot fix for the server when facing this problem.

如果您仍有问题,请随时通过[email protected]与我联系并向我发送订阅ID,以便我可以为您提供免费技术支持。

If you still have an issue feel free to reach out to me at [email protected] and send me your subscription ID so I can enable you for free technical support.


这篇关于Azure AD应用程序代理开始随机返回302重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-21 09:02