JWT to SAML for self-hosted applications


I currently have a self-hosted application protected by Cloudflare Access.
The application uses cloudflared to tunnel through to Cloudflare.

When I connect to the application it correctly completes the SSO by connecting me to my IdP (Azure AD) for authentication (unless I am already signed in, in which case it doesn’t request my creds).

No issues here.

The application itself then needs authentication. I understand that a JWT is passed through in the header, but unfortunately the application is third party and can’t use it. I tried to set up the SSO within the application connecting through to Azure AD, but it fails. I assume that this is because Azure AD can’t reply back to the application with its assertion because it is blocked by Cloudflare Access.

This article here suggests that we can use a Cloudflare Worker to convert the JWT to SAML (see “Converting JWT to SAML with Cloudflare Workers”): Cloudflare Access: now for SaaS apps, too

How do I get my application to pick up the SSO credentials? Either connecting to Cloudflare to ‘pass through’ the token, or allowing the return connection from Azure AD for the SSO process?

Any help would be appreciated!
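The JWT mentioned in the post is the one Cloudflare Access places in the `Cf-Access-Jwt-Assertion` request header, signed with RSA keys that Access publishes as a JWKS at `https://<team>.cloudflareaccess.com/cdn-cgi/access/certs`. Whatever the third-party application ends up doing with SSO, the origin side of the tunnel should verify that token before trusting the identity in it, otherwise anything that can reach the origin directly can forge the header. The following Go program is an added example written for this page; it is not code from the poster, from Cloudflare, or from the linked article. It does the verification an application (or a small reverse proxy placed in front of a third-party application) would do: pin the algorithm to RS256, look the key up by `kid`, check the signature, the expiry, and that the token's `aud` contains this application's own AUD tag. The team name and the AUD tag are placeholders, and `issueConstructedToken` stands in for Cloudflare Access only so the example runs offline (in production the key set is fetched from the certs URL and cached).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// jwk/jwks mirror the key set Access publishes at /cdn-cgi/access/certs (RSA entries
// only). encoding/json matches "kid", "n", "e", "keys" to these fields case-insensitively.
type jwk struct{ Kid, Kty, N, E string }
type jwks struct{ Keys []jwk }

// accessClaims is the subset of Access JWT claims this application checks or uses.
type accessClaims struct {
	Aud   []string `json:"aud"`
	Email string   `json:"email"`
	Exp   int64    `json:"exp"`
}

var b64 = base64.RawURLEncoding

// rsaKeyFromJWK rebuilds an *rsa.PublicKey from a JWK's base64url modulus and exponent.
func rsaKeyFromJWK(k jwk) (*rsa.PublicKey, error) {
	n, errN := b64.DecodeString(k.N)
	e, errE := b64.DecodeString(k.E)
	if k.Kty != "RSA" || errN != nil || errE != nil {
		return nil, fmt.Errorf("unusable key %q", k.Kid)
	}
	return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}, nil
}

// verifyAccessJWT validates a token taken from the Cf-Access-Jwt-Assertion header:
// alg pinned to RS256, signature checked against the key selected by kid, expiry not
// passed, and this application's own AUD tag present in the audience list.
func verifyAccessJWT(token string, keys jwks, expectedAud string, now time.Time) (accessClaims, error) {
	var claims accessClaims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return claims, errors.New("malformed token")
	}
	var hdr struct{ Alg, Kid string }
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return claims, errors.New("bad header or unexpected alg") // the token never picks the algorithm
	}
	var pub *rsa.PublicKey
	var err error
	for _, k := range keys.Keys {
		if k.Kid == hdr.Kid && pub == nil {
			if pub, err = rsaKeyFromJWK(k); err != nil {
				return claims, err
			}
		}
	}
	if pub == nil {
		return claims, fmt.Errorf("no key with kid %q", hdr.Kid)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return claims, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return claims, errors.New("bad signature")
	}
	if raw, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &claims) != nil {
		return claims, errors.New("bad payload")
	}
	if now.Unix() >= claims.Exp {
		return claims, errors.New("token expired")
	}
	for _, a := range claims.Aud {
		if a == expectedAud {
			return claims, nil
		}
	}
	return claims, errors.New("audience mismatch: token issued for another application")
}

// issueConstructedToken stands in for Cloudflare Access in this example only: it
// generates a throwaway RSA key, publishes it as a one-entry JWKS and signs the claims.
func issueConstructedToken(claims accessClaims, kid string) (string, jwks, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", jwks{}, err
	}
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(claims)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", jwks{}, err
	}
	set := jwks{Keys: []jwk{{Kid: kid, Kty: "RSA", N: b64.EncodeToString(priv.N.Bytes()),
		E: b64.EncodeToString(big.NewInt(int64(priv.E)).Bytes())}}}
	return input + "." + b64.EncodeToString(sig), set, nil
}

func main() {
	const aud = "EXAMPLE-AUD-TAG-PLACEHOLDER" // real value: the AUD tag shown in the Access application settings
	claims := accessClaims{Aud: []string{aud}, Email: "user@example.com", Exp: time.Now().Add(time.Hour).Unix()}
	token, keys, err := issueConstructedToken(claims, "key-1")
	if err != nil {
		panic(err)
	}
	got, err := verifyAccessJWT(token, keys, aud, time.Now())
	fmt.Println("identity from Access:", got.Email, "err:", err)
	_, err = verifyAccessJWT(token, keys, "OTHER-APP-AUD", time.Now())
	fmt.Println("token for another application rejected:", err)
}
```

The audience check matters as much as the signature: every Access application has its own AUD tag, and a token issued for one application is correctly signed but must not be accepted by another. Pinning the origin to tunnel-only traffic (no public route to it) is what makes the header trustworthy in the first place; the verification above is the second half of that.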

