April 28, 2022
I'm running a FileMaker Server 19.2 server behind a Cisco Firewall, and we're having problems with MS AD authentication being rejected. We had it working for a while, but then it seems to have stopped working. I'm trying to locate a definitive guide to what firewall ports need to be opened to which IP number(s) / range(s). Some online documentation I read seemed to indicate that Microsoft's Azure servers need to connect directly to FileMaker Server, but this seemed to be wrong, as we could see it was the workstation PC that was requesting through FileMaker Server via port 443 (https) at the point when authentication was attempted, when we had it working OK earlier. We can easily update from Server 19.2 to 19.3 if that's likely to help. 19.4 would require an OS update.
April 28, 2022
You mention both AD and Azure? Those are two different things. Is this a normal old-school AD authentication or an OAuth-based Azure AD authentication?
April 28, 2022 (Author)
Hi - this is the one which is set up under External authentication in FileMaker Server, and where you register an "app" in the Microsoft Portal. I'm not sure why I'm investigating this, as I'm just the hosting company. But my client suspects it to be a hosting issue.
April 28, 2022
OK, so not regular AD but Azure AD OAuth. The white papers that Steven Blackwell and I authored on the subject, and that you can download from the files section here, describe a step-by-step debugging process that allows you to perform each step in the authentication flow yourself and inspect the responses. From the screenshots it doesn't look like a firewall issue since the redirect seems to work, so it could be an issue in the FMS config, the FMP file or on the Azure AD app side. The debugging steps will tell you where the issue is.
February 22, 2023
Hi, can you please indicate the exact location from where we can download the white paper? Thank you.