1. Jason Frost
  2. PowerServer
  3. Saturday, 2 April 2022 03:14 AM UTC

We have a PS app working fine with internal URLs, cloud servers, all over https, but as we want external access to the application we have created external URLs.  Access to external URLs is controlled by MS AppProxy.  

We can access the URLs through the browser and get the .Net screens etc., but when we try and run the app the cloud app launcher kicks off and then fails.  It appears that the deploylist.ini and LauncherSetup.json get intercepted somehow.  For example, the deploylist.ini should contain this:

[Public]
MinimumValidVersion=5.01
[5.01]
OnlineTime=2021-10-28 23:26:28
OfflineTime=2031-10-28 23:26:28

 

but actually contains this (and a whole lot more):

 

<!-- Copyright (C) Microsoft Corporation. All rights reserved. -->
<!DOCTYPE html>
<html>
<head>
<title>Redirecting</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
<meta name="PageID" content="BssoInterrupt" />
<meta name="SiteID" content="" />
<meta name="ReqLC" content="1033" />
<meta name="LocLC" content="en-US" />


<meta name="robots" content="none" />

<script type="text/javascript">//<![CDATA[
$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://aadcdn.msauth.net/shared/1.0/","urlDefaultFavicon":"https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/f66fae02-5d36-495b-bfe0-78a6ff9f8e6e/oauth2/authorize?response_type=code\u0026client_id=449b19ed-7753-47b4-9f39-45f21227e5e5\u0026scope=openid\u0026nonce=7c5553c3-9c40-4ab4-8e96-659f11b8f965\u0026redirect_uri=https%3a%2f%2funiprom.unilever.com%2f\u0026state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2funiprom.unilever.com%5c%2funiprom%5c%2fdeploylist.ini.zip%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2268e72609-1234-43a4-9ecd-b592de8fe3fb%22%7d%23EndOfStateParam%23\u0026client-request-id=68e72609-1234-43a4-9ecd-b592de8fe3fb\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","urlReportPageLoad":"https://login.microsoftonline.com/common/instrumentation/r

I just wondered if anyone had experience of this?  I'm guessing that AppProxy is giving some sort of redirect instruction that the Cloud App Launcher can't interpret.

Thanks

Ken Guo @Appeon Accepted Answer Pending Moderation
  1. Monday, 4 April 2022 05:46 AM UTC
  2. PowerServer
  3. # 1

Hi Jason,


Do you see some error messages, if so, please send them to us, and also send the following logs to us for analysis:
%LocalAppData%\Launcher\log
%LocalAppData%\LauncherWithService\log
%AppData%\PBApps\Applications\[appname]\log

 

Regards,

Ken

Comment
There are no comments made yet.
Logan Liu Accepted Answer Pending Moderation
  1. Monday, 4 April 2022 09:09 AM UTC
  2. PowerServer
  3. # 2

Hi Jason,

Does the "MS AppProxy" means Application Proxy? Application Proxy is a feature of Azure AD.

Do you mean that there must be a valid access token before requesting a .json or .ini file from your Web Server? Otherwise, the request will be redirected to another authentication URL?

 

Regards,

Logan

Comment
There are no comments made yet.
Jason Frost Accepted Answer Pending Moderation
  1. Monday, 4 April 2022 11:07 AM UTC
  2. PowerServer
  3. # 3

The application authenticates when you first access the url.

Here are the errors given:

2022-04-04 20:41:28.446 ERROR [5772] Application terminated.
2022-04-04 20:41:28.446 ERROR [21328] C:\Users\Jason.Frost2\AppData\Roaming\PBApps\Download\uniprom-qa.unilever.com_uniprom\deploylist.ini the file is empty
2022-04-04 20:41:25.670 ERROR [21328] Failed to parse the file "C:\Users\Jason.Frost2\AppData\Roaming\PBApps\Download\LauncherSetup.json". Error: "Invalid value.", offset: 2.
2022-04-04 20:41:22.224 INFO [11464] Application command line parameter:
2022-04-04 20:41:22.224 INFO [11464] Application name: uniprom
2022-04-04 20:41:22.224 INFO [11464] Application path:
2022-04-04 20:41:22.224 INFO [11464] Application server port: 443
2022-04-04 20:41:22.224 INFO [11464] Application host name: uniprom-qa.unilever.com
2022-04-04 20:41:22.224 INFO [11464] Application protocol: https

 

Launcher log files attached.  The application log file doesn't exist as the app hasn't been downloaded yet (for that url).

I have also attached the full deploylist.ini that it creates.  LauncherSetup.json is identical to this.

Thanks.

Attachments (1)
Comment
  1. Jason Frost
  2. Thursday, 7 April 2022 05:14 AM UTC
Your theory is good, I thought it might solve the problem, but I tried it and it made no difference. This is from my launcher.js:



function getCookie(){

var strCookie = "";

strCookie = document.cookie;

return strCookie;

}



function getCmdline(Url){

var strCookie = getCookie();

var strUrl = Url;

if(strCookie.length > 0)

{

strUrl += " -cookie ";

strUrl += strCookie;

}

return strUrl;

}



I also tried different browser and cleared the cookies, but always the same result. Also restarted IIS etc..

The full returned file is in the zip attached to the other response if you get a minute to look at it?
  1. Helpful
  1. Jason Frost
  2. Thursday, 7 April 2022 06:22 AM UTC
Hi again Logan, I had a thought about the cookie: the help guide says "you must set the cookie in the key-value pairs, for example, "key1=value1; key2=value2", so I thought I would look at the cookie and the below is what I found. Do you think this doesn't conform?



Name

AzureAppProxyPreauthSessionCookie_653a3cb9-0083-4305-bd38-5257510de066_0c66ffc0-0341-420b-8572-47abbb09d52d_1.4



Content

3|tRaL5OFEmQd9M2dHUYHNq3BnIgBQsn08Gp0XdDe0eDYT4UYenpQ6kAOAJeoJVjqP6gj/PKd+GNCUwyQ5Ex8iHjL7Wm/mM2CeLRKSqo5h/2i8mPpu4Lip4oh19giEsitoTJBAEl+ikWgces3EnwmUASInJu4Pv2emjF55N3UNrAd9hV/p+CSvzmFFyDw2l22xatTrrEaP46Xq8NKO+1es48LtsIbO8ahCdTnHovrJo6kA+lf1FCAivvS1n9bcaxay7OVRfdinSuhPW1rinOgLl4MbStehBnfUuyNYqJvnopb+uRXBgLtw/+Vd+TuQbtRf
  1. Helpful
  1. Logan Liu
  2. Friday, 8 April 2022 10:07 AM UTC
Hi Jason, you need to check with your IT to know more about your authentication setup. For example, is local automatic single sign-on implemented and redirection can be done automatically in the browser? I can see the redirection in your HTML file.

I found some relevant information for you but don't have the same environment to verify them:

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-cookie-settings

https://stackoverflow.com/questions/63633796/how-to-get-and-set-the-azureappproxyaccesscookie-programatically-to-access-on-pr

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-cookie-settings

Maybe it can be easier to try your cookie settings in PostMan to see whether you can GET the .ini file.

If you can't solve this issue by setting cookies, please report it via our support ticketing system to ensure it is being properly received by our tech support and tracked at: https://www.appeon.com/standardsupport/.

Regards, Logan
  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.