SAML with Application Request Routing giving permission denied error

Working on a POC for our client with SAML login.
Our set up is, matomo will be accessed through Application Request Routing from the main app server.
Means : Matomo is installed on matomo server.
But users will be accessing matomo through userapplication/matomo. This request will be routed to matomo server using IIS AAR.

The reason is, end user should not see a separate domain for matomo.

Configured the SAML login. If we are trying direct matomo domain, the login is working perfect.
But when we configure through the Application request routing, after the post back from microsoft entra to matomo, matomo is giving the error “You do not have permission to view this directory or page.”.
Just to confirm, matomo as it is working fine through ARR set up. Only issue we face is on the SAML.

Also enabled the debug mode. But do not see any additional error messages in the logs.

Please rignore. Found the reason. The post request was being blocked by the CORS policy. Updated the CORS to allow call from microsoft login domain, it is working fine now.