Azure Front Door custom domain with Power Pages causing ExternalAuthenticationFailed during Azure AD login

admin

I am trying to configure a custom subdomain for a Power Pages website using Azure Front Door as the entry point. The DNS is managed externally.

Setup

  • Power Pages site has the default URL: *.powerappsportals.com
  • A custom subdomain is configured to access the portal through Azure Front Door.
  • Azure Front Door uses the Power Pages URL as the origin.
  • Front Door managed TLS certificate is enabled for the custom domain.

Configuration Completed

  1. Created Azure Front Door profile.
  2. Added the Power Pages default domain as the origin.
  3. Configured origin group and routing rules.
  4. Added the custom domain in Azure Front Door.
  5. Verified domain ownership using the TXT record provided by Azure.
  6. Added the TXT record in the DNS provider.
  7. Added a CNAME record pointing the subdomain to the Front Door endpoint.
  8. Enabled Front Door managed TLS certificate.
  9. Verified DNS resolution using nslookup, the subdomain correctly resolves to the Front Door endpoint.
  10. Added the custom domain redirect URIs in Azure App Registration.

Issue

When accessing the custom subdomain:

1.The request successfully routes through Azure Front Door.
2.The portal loads and immediately redirects to Microsoft Entra ID for login.
3.Authentication fails with: ExternalAuthenticationFailed

When inspecting the login request to Microsoft Entra ID, the redirect_uri parameter still points to the default Power Pages domain instead of the custom subdomain.

Example:

redirect_uri = https://

instead of

redirect_uri = https://

Even though the custom domain redirect URIs have already been added in the Azure App Registration.

I noticed that configuring the custom domain directly in Power Pages requires uploading an SSL certificate manually. Since this certificate would need to be renewed and uploaded again after expiration, I chose to use Azure Front Door with managed TLS to avoid manual certificate management.

Question
When using Azure Front Door with managed TLS in front of a Power Pages site, is it still required to configure the custom domain directly in Power Pages?

Or is there another configuration required to ensure the authentication redirect URI uses the custom subdomain instead of the default Power Pages domain?

Read more here: Source link

Azure Front Door custom domain with Power Pages causing ExternalAuthenticationFailed during Azure AD login

admin

I am trying to configure a custom subdomain for a Power Pages website using Azure Front Door as the entry point. The DNS is managed externally.

Setup

  • Power Pages site has the default URL: *.powerappsportals.com
  • A custom subdomain is configured to access the portal through Azure Front Door.
  • Azure Front Door uses the Power Pages URL as the origin.
  • Front Door managed TLS certificate is enabled for the custom domain.

Configuration Completed

  1. Created Azure Front Door profile.
  2. Added the Power Pages default domain as the origin.
  3. Configured origin group and routing rules.
  4. Added the custom domain in Azure Front Door.
  5. Verified domain ownership using the TXT record provided by Azure.
  6. Added the TXT record in the DNS provider.
  7. Added a CNAME record pointing the subdomain to the Front Door endpoint.
  8. Enabled Front Door managed TLS certificate.
  9. Verified DNS resolution using nslookup, the subdomain correctly resolves to the Front Door endpoint.
  10. Added the custom domain redirect URIs in Azure App Registration.

Issue

When accessing the custom subdomain:

1.The request successfully routes through Azure Front Door.
2.The portal loads and immediately redirects to Microsoft Entra ID for login.
3.Authentication fails with: ExternalAuthenticationFailed

When inspecting the login request to Microsoft Entra ID, the redirect_uri parameter still points to the default Power Pages domain instead of the custom subdomain.

Example:

redirect_uri = https://

instead of

redirect_uri = https://

Even though the custom domain redirect URIs have already been added in the Azure App Registration.

I noticed that configuring the custom domain directly in Power Pages requires uploading an SSL certificate manually. Since this certificate would need to be renewed and uploaded again after expiration, I chose to use Azure Front Door with managed TLS to avoid manual certificate management.

Question
When using Azure Front Door with managed TLS in front of a Power Pages site, is it still required to configure the custom domain directly in Power Pages?

Or is there another configuration required to ensure the authentication redirect URI uses the custom subdomain instead of the default Power Pages domain?

Read more here: Source link

Azure Front Door custom domain with Power Pages causing ExternalAuthenticationFailed during Azure AD login

admin

I am trying to configure a custom subdomain for a Power Pages website using Azure Front Door as the entry point. The DNS is managed externally.

Setup

  • Power Pages site has the default URL: *.powerappsportals.com
  • A custom subdomain is configured to access the portal through Azure Front Door.
  • Azure Front Door uses the Power Pages URL as the origin.
  • Front Door managed TLS certificate is enabled for the custom domain.

Configuration Completed

  1. Created Azure Front Door profile.
  2. Added the Power Pages default domain as the origin.
  3. Configured origin group and routing rules.
  4. Added the custom domain in Azure Front Door.
  5. Verified domain ownership using the TXT record provided by Azure.
  6. Added the TXT record in the DNS provider.
  7. Added a CNAME record pointing the subdomain to the Front Door endpoint.
  8. Enabled Front Door managed TLS certificate.
  9. Verified DNS resolution using nslookup, the subdomain correctly resolves to the Front Door endpoint.
  10. Added the custom domain redirect URIs in Azure App Registration.

Issue

When accessing the custom subdomain:

1.The request successfully routes through Azure Front Door.
2.The portal loads and immediately redirects to Microsoft Entra ID for login.
3.Authentication fails with: ExternalAuthenticationFailed

When inspecting the login request to Microsoft Entra ID, the redirect_uri parameter still points to the default Power Pages domain instead of the custom subdomain.

Example:

redirect_uri = https://

instead of

redirect_uri = https://

Even though the custom domain redirect URIs have already been added in the Azure App Registration.

I noticed that configuring the custom domain directly in Power Pages requires uploading an SSL certificate manually. Since this certificate would need to be renewed and uploaded again after expiration, I chose to use Azure Front Door with managed TLS to avoid manual certificate management.

Question
When using Azure Front Door with managed TLS in front of a Power Pages site, is it still required to configure the custom domain directly in Power Pages?

Or is there another configuration required to ensure the authentication redirect URI uses the custom subdomain instead of the default Power Pages domain?

Read more here: Source link

Azure Front Door custom domain with Power Pages causing ExternalAuthenticationFailed during Azure AD login

admin

I am trying to configure a custom subdomain for a Power Pages website using Azure Front Door as the entry point. The DNS is managed externally.

Setup

  • Power Pages site has the default URL: *.powerappsportals.com
  • A custom subdomain is configured to access the portal through Azure Front Door.
  • Azure Front Door uses the Power Pages URL as the origin.
  • Front Door managed TLS certificate is enabled for the custom domain.

Configuration Completed

  1. Created Azure Front Door profile.
  2. Added the Power Pages default domain as the origin.
  3. Configured origin group and routing rules.
  4. Added the custom domain in Azure Front Door.
  5. Verified domain ownership using the TXT record provided by Azure.
  6. Added the TXT record in the DNS provider.
  7. Added a CNAME record pointing the subdomain to the Front Door endpoint.
  8. Enabled Front Door managed TLS certificate.
  9. Verified DNS resolution using nslookup, the subdomain correctly resolves to the Front Door endpoint.
  10. Added the custom domain redirect URIs in Azure App Registration.

Issue

When accessing the custom subdomain:

1.The request successfully routes through Azure Front Door.
2.The portal loads and immediately redirects to Microsoft Entra ID for login.
3.Authentication fails with: ExternalAuthenticationFailed

When inspecting the login request to Microsoft Entra ID, the redirect_uri parameter still points to the default Power Pages domain instead of the custom subdomain.

Example:

redirect_uri = https://

instead of

redirect_uri = https://

Even though the custom domain redirect URIs have already been added in the Azure App Registration.

I noticed that configuring the custom domain directly in Power Pages requires uploading an SSL certificate manually. Since this certificate would need to be renewed and uploaded again after expiration, I chose to use Azure Front Door with managed TLS to avoid manual certificate management.

Question
When using Azure Front Door with managed TLS in front of a Power Pages site, is it still required to configure the custom domain directly in Power Pages?

Or is there another configuration required to ensure the authentication redirect URI uses the custom subdomain instead of the default Power Pages domain?

Read more here: Source link