Az - Application Proxy

Reading time: 3 minutes

Basic Information

From the docs:

Azure Active Directory's Application Proxy inatoa ufikiaji salama wa mbali kwa programu za wavuti za ndani. Baada ya kuingia mara moja kwenye Azure AD, watumiaji wanaweza kufikia programu za wingu na programu za ndani kupitia URL ya nje au lango la programu la ndani.

Inafanya kazi kama ifuatavyo:

1. Baada ya mtumiaji kufikia programu kupitia kiunganishi, mtumiaji anapelekwa kwenye ukurasa wa kuingia wa Azure AD.
2. Baada ya kuingia kwa mafanikio, Azure AD inatuma tokeni kwa kifaa cha mteja wa mtumiaji.
3. Mteja anatumia tokeni kwa huduma ya Application Proxy, ambayo inapata jina la msingi la mtumiaji (UPN) na jina la msingi la usalama (SPN) kutoka kwa tokeni. Application Proxy kisha inatuma ombi kwa kiunganishi cha Application Proxy.
4. Ikiwa umeweka muunganisho wa kuingia mara moja, kiunganishi kinafanya uthibitishaji wa ziada wowote unaohitajika kwa niaba ya mtumiaji.
5. Kiunganishi kinatuma ombi kwa programu ya ndani.
6. Jibu linatumwa kupitia kiunganishi na huduma ya Application Proxy kwa mtumiaji.

Enumeration

# Enumerate applications with application proxy configured
Get-AzureADApplication | %{try{Get-AzureADApplicationProxyApplication -ObjectId $_.ObjectID;$_.DisplayName;$_.ObjectID}catch{}}

# Get applications service principal
Get-AzureADServicePrincipal -All $true | ?{$_.DisplayName -eq "Name"}

# Use the following ps1 script from https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/scripts/powershell-display-users-group-of-app
# to find users and groups assigned to the application. Pass the ObjectID of the Service Principal to it
Get-ApplicationProxyAssignedUsersAndGroups -ObjectId <object-id>

Marejeo

• https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy