Setup:
Server 1: ARR Reverse Proxy
Server 2: App Server
Server 3: Identity Server (Identity Server 3).
Both the App Server and the Identity Server are behind a DMZ and accessible only via the Reverse Proxy.
The App Server redirects unauthenticated requests to the Identity Server for AuthN.
The Identity Server uses Active Directory as the Identity Provider. The application uses OpenID Connect as the AuthN middleware.
All the URL Rewrite rules are working properly and the redirections happen correctly.
A browser popup asks for credentials after redirection to the Identity Server (401 challenge). After entering the credentials, ARR returns a 502.3 (Server returned invalid response) error. The response to the 401 challenge is not even sent to the Identity Server. ARR throws the above error.
Error in ARR IIS Log: 502.3 sc-win32-status: 12018 (The type of handle supplied is incorrect for this operation).
Any pointers will really help.
Thank you
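
Added example, not part of the original post: a small Python triage script for the ARR server's IIS W3C log that picks out 502.3 entries with sc-win32-status 12018 that follow a 401 challenge for the same client and URI, which is the sequence described above. The sample log, its field selection, IP addresses and URL paths are constructed for illustration.

```python
# Added example: triage of IIS W3C logs on the ARR server (not the poster's code).

# Constructed sample log; IPs, paths and timings are made up for illustration.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem c-ip sc-status sc-substatus sc-win32-status time-taken
2024-01-10 09:00:01 GET /app/home 203.0.113.7 302 0 0 15
2024-01-10 09:00:02 GET /identity/connect/authorize 203.0.113.7 401 0 0 31
2024-01-10 09:00:09 GET /identity/connect/authorize 203.0.113.7 502 3 12018 47
2024-01-10 09:01:00 GET /app/home 203.0.113.9 200 0 0 12
2024-01-10 09:02:00 GET /identity/connect/authorize 203.0.113.9 502 3 12002 30000
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # field list can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated lines
                yield dict(zip(fields, values))


def gateway_errors_after_challenge(text, win32_status="12018"):
    """Return 502.3 entries with the given win32 status that follow a 401
    for the same client IP and URI stem."""
    challenged = set()
    hits = []
    for entry in parse_w3c(text):
        key = (entry["c-ip"], entry["cs-uri-stem"])
        status = (entry["sc-status"], entry["sc-substatus"], entry["sc-win32-status"])
        if entry["sc-status"] == "401":
            challenged.add(key)
        elif status == ("502", "3", win32_status) and key in challenged:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in gateway_errors_after_challenge(SAMPLE_LOG):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-uri-stem"])
```
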