Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Antonio_Martins
Contributor

Web Application on Mobile Access Portal with Azure AD Oauth

Hi,

 

I'm having trouble to deploy internal portal that authenticates against azure AD using OAuth. Client is getting this error message when redirected to authentication page:

 

Error: Access denied. The destination of your request has not been configured, or you do not have authorization to access it.

Reject ID: d2735b3b-510667-9e4c837c

Rejected URL: https://login.microsoftonline.com/xxxxxx.com/oauth2/authorize?scope=User.Read+User.ReadBasic.All+Use...

 

 

Thanks

0 Kudos
12 Replies
PhoneBoy
Admin
Admin

Precisely which portal are you referring to?

0 Kudos
Antonio_Martins
Contributor

Mobile portal web app:

2020-07-17 08_51_00-Check Point Mobile - Main.png2020-07-17 08_51_35-Check Point Mobile - Access denied. The destination of your request has not been.png

0 Kudos
abihsot__
Advisor

do you have DNS object (if I correctly calling it) defined and allowed for the user?

0 Kudos
Antonio_Martins
Contributor

Yes I have:

antonio.png

0 Kudos
abihsot__
Advisor

do you have something here? It is the old SmartDashboard

image.png

0 Kudos
Antonio_Martins
Contributor

I was translating all domains. After I've changed for internal domains only I'm able to authenticate in microsoft but after that I'm not redirected to internal URL and not portal URL.

0 Kudos
PhoneBoy
Admin
Admin

What version of gateway?
If not R80.40, you might need to upgrade.
@AndreiR 

0 Kudos
Antonio_Martins
Contributor

Gateways in R80.40.

0 Kudos
AndreiR
Employee
Employee

@PhoneBoy , sorry, this is out of my domain.

0 Kudos
PhoneBoy
Admin
Admin

Have you configured a SAML provider on the gateway?
This is required for Mobile Access to leverage SAML authentication.
See: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_IdentityAwareness_AdminGuide... mobile access

 

0 Kudos
Antonio_Martins
Contributor

How can that help on Web app? SSO?

0 Kudos
PhoneBoy
Admin
Admin

You could use it for SSO, yes.

0 Kudos