Has anyone here tried using a StoreFront website configured with Azure for the SAML IdP as well as put behind an Azure App Proxy? Configuring internal StoreFront to just use Azure AD via SAML (with FAS) for auth works well, and configuring StoreFront behind an Azure App Proxy but using user/password or domain passthrough auth works well. But if you combine the two, it seems once the StoreFront SAML auth process is finishing it does a redirect back to an internal URL (e.g. https://internalserver.lab.com/Citrix/DemoStoreAuth/SamlForms/WebView..... ) with a "return url not valid" error and not the App Proxy based URL for the store web site like it should.