For our external VIP AuthHub urls, the well known openid configuration endpoint requires authentication from the azserver, whereas .net does not. When accessing the external url endpoint from any region i.e. https://authhub.test.customername.com/common/.well-known/openid-configuration we see a json message in the browser
{
}
And we see splunk logs from the azserver
12/12/22 10:04:54.537 AM |
{ [-]
|
Basically we have no idea why .com is requiring authentication for .com well-known endpoint.
Release : Oct.05
This was a product limitation that only single Vanity host url can be configured per tenant but customer had a requirement to have more than one configured for the single tenant. The fix was added in VIP Auth Auth Oct.05 release to address this limitation. Here are the details for the release.