I have a reverser proxy setup with ARR and URL Rewite on IIS 8.5

public site exposed is http:/publicsite

http:/publicsite act as a reverse proxy to the internal site http:/internalsite

Every thing was working fine till we implement SSO for the internal site. Once sso is implemeted internal site is redirecting to http:/ssosite to get authenticated

Since in ARR we have enabled the option "Reverse rewrite host in response headers" the redirection to sso site was not proper. To make it work "Reverse rewrite host in response headers" is disabled. and the sso redirection started working.

But now the issue happening is after succesful login the ADFS tries to redirect to http:/publicsite. and reverse proxy respond with a 302 and the location in the response is http:/internalsite and the client machine doesnt have access to.

In the same browser if i try to access the site http:/publicsite again everything is working as expected because it is already authenticated and no redirection required to sso site and back to application.

My understanding is the response header is not getting re written since we have disabled the "Reverse rewrite host in response headers" option.

Set preserveHostHeader="true" in applicationhost.config in the reverse proxy server. This solved the issue.

https://forums.iis.net/t/1176668.aspx