I am trying to configure an vendor external application to work through Azure Active Directory. The application I am trying to federate resides on the vendor’s network over the internet, so I don’t have much access to it.
Ran the application link in Firefox and used the “Live http Headers” add-on to capture the header information as it was being processed. When I click on the link in the office portal attempt to go to the application I get a 407 error.
I can see that the link is being passed in the header:
GET / samlsp_ hosted HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Accept-Encoding: gzip, deflate, br
Shows that Azure is the referrer
Authorization and failing to go through proxy
Proxy-Authorization: NTLM TlRMTVAACAAAAAAAAAAAAAAAFomgJL4zFmBxcAAAAAAAAAAAAAAAAAA
HTTP/1.1 407 authenticationrequired
Via: (McAfee Web Gateway)
I am already signed in onto my active directory account in Azure and launching the application from the “Apps” page. Is there a rule I need to configure through the gateway?
A 407 does not necessarily indicate an error. It just means that authentication was requested. In your case, the Web Gateway is using NTLM authentication.
The output you sent above is the first step of a 3 step process. The output doesnt show if authentication completed or failed.
There is likely more requests that you did not send that would help us understand if authentication succeeded or failed.
In general, I dont expect that 407 (proxy authentication) would interfere with the process.