
FileMaker Server 19.x Microsoft AD authentication. Firewall Ports needed?



I'm running a FileMaker Server 19.2 server behind a Cisco Firewall, and we're having problems with MS AD authentication being rejected. We had it working for a while, but then it seems to have stopped working. I'm trying to locate a definitive guide to what firewall ports need to be opened to which IP number(s) / range(s). Some online documentation I read seemed to indicate that Microsoft's Azure servers need to connect directly to FileMaker Server, but this seemed to be wrong, as we could see it was the workstation PC that was requesting through FileMaker Server via port 443 (https) at the point when authentication was attempted, when we had it working OK earlier.

We can easily update from Server 19.2 to 19.3 if that's likely to help.  19.4 would require an OS update.


You mention both AD and Azure?  Which are two different things.  Is this a normal old-school AD authentication or an OAuth-based Azure AD authentication?


Hi - this is the one which is set up under External authentication in FileMaker Server, and where you register an "app" in the Microsoft Portal. I'm not sure why I'm investigating this, as I'm just the hosting company. But my client suspects it to be a hosting issue.

 

 

[Attachments: five screenshots, dated 2022-04-28]


Ok, so not regular AD but Azure AD OAuth.

The white papers that Steven Blackwell and I authored on the subject, and that you can download from the files section here, describe a step-by-step debugging process that allows you to perform each step in the authentication flow yourself and inspect the responses.

From the screenshots it doesn't look like a firewall issue since the redirect seems to work, so it could be an issue in the FMS config, the FMP file or on the Azure AD app side.  The debugging steps will tell you where the issue is.

