We have Experience Builder developer edition applications deployed to Azure App Services on Linux.
Client ID is set up appropriately in portal and the EB application.
Portal and Server are deployed on Azure at maps.xxxx.com/portal, maps.xxxx.com/server.
We are set up using SAML auth against Azure AD.
We use forwarding rules on the app gateway to forward requests to the EB app server ebapp.azurewebsites.net from the URL maps.xxxx.com/apps/<appname>
This configuration is stable and works well for the most part.
Infrequently, a user is prompted to log in the the EB App twice. After the initial request, some of the layers will load in the browser app, then another log in dialog will pop up. When the clicks ok on the second dialog, the site will load as usual.
Looking at the network trace, it appears that the first auth goes well, and normal behavior happens. When the second login is requested, there is a call to revokeToken, then platformSelf, oauth2.authorize, oauth2.signin, generateToken, etc.
We would like to avoid the second login demand if at all possible. 99% of the time, if a user is regularly accessing the app, everything works fine, but the infrequent users get a little frustrated with the repeated login prompts.
