FileMaker Server 19.x Microsoft AD authentication. Firewall ports needed?


This topic is 400 days old. Please don't post here. Open a new topic instead.

I'm running a FileMaker Server 19.2 server behind a Cisco firewall, and we're having problems with MS AD authentication being rejected. We had it working for a while, but then it seems to have stopped working. I'm trying to locate a definitive guide to what firewall ports need to be opened to which IP number(s) / range(s). Some online documentation I read seemed to indicate that Microsoft's Azure servers need to connect directly to FileMaker Server, but this seemed to be wrong, as we could see it was the workstation PC that was requesting through FileMaker Server via port 443 (https) at the point when authentication was attempted, when we had it working OK earlier.

We can easily update from Server 19.2 to 19.3 if that's likely to help.  19.4 would require an OS update.

Hi - this is the one which is set up under External authentication in FileMaker Server, and where you register an "app" in the Microsoft Portal. I'm not sure why I'm investigating this, as I'm just the hosting company. But my client suspects it to be a hosting issue.

Screenshot 2022-04-28 at 10.21.37.png

Screenshot 2022-04-28 at 10.21.53.png

Screenshot 2022-04-28 at 10.22.24.png

Screenshot 2022-04-28 at 10.22.37.png

Screenshot 2022-04-28 at 10.26.26.png

Ok, so not regular AD but Azure AD OAuth.

The white papers that Steven Blackwell and I authored on the subject, and that you can download from the files section here, describe a step-by-step debugging process that allows you to perform each step in the authentication flow yourself and inspect the responses.

From the screenshots it doesn't look like a firewall issue since the redirect seems to work, so it could be an issue in the FMS config, the FMP file or on the Azure AD app side.  The debugging steps will tell you where the issue is.
