1 Reply Latest reply on Jul 14, 2017 10:50 AM by Jon Scholten

    Azure application HTTP 407 authenticationrequired


      I am trying to configure an vendor external application to work through Azure Active Directory. The application I am trying to federate resides on the vendor’s network over the internet, so I don’t have much access to it.

      Ran the application link in Firefox and used the “Live http Headers” add-on to capture the header information as it was being processed. When I click on the link in the office portal attempt to go to the application I get a 407 error.

      I can see that the link is being passed in the header:

      https://0007002.hosted.com/samlsp_ hosted

      GET / samlsp_ hosted HTTP/1.1

      Host: 0007002.hosted.com

      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0

      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

      Accept-Language: en-US,en;q=0.5

      Accept-Encoding: gzip, deflate, br

      Shows that Azure is the referrer

      Referer: https://account.activedirectory.windowsazure.com/applications/redirecttofederate dapplication.aspx?Operation=LinkedSignIn&applicationLinkName=

      Connection: keep-alive

      Upgrade-Insecure-Requests: 1

      Authorization and failing to go through proxy


      HTTP/1.1 407 authenticationrequired

      Via: (McAfee Web Gateway)


      I am already signed in onto my active directory account in Azure and launching the application from the “Apps” page. Is there a rule I need to configure through the gateway?

        • 1. Re: Azure application HTTP 407 authenticationrequired
          Jon Scholten



          A 407 does not necessarily indicate an error. It just means that authentication was requested. In your case, the Web Gateway is using NTLM authentication.


          The output you sent above is the first step of a 3 step process. The output doesnt show if authentication completed or failed.


          There is likely more requests that you did not send that would help us understand if authentication succeeded or failed.


          In general, I dont expect that 407 (proxy authentication) would interfere with the process.


          Best Regards,