troubleshooting Question
ADFS internal and external users
Hi,
I've been trawling the 'net' for an answer and diagrams (including network ports) to show how to configure a scenario for both internal and external SSO/ADFS 3.0 design.
I understand I need an internal ADFS server farm (which can be used for internal SSO access.
I also understand I need a WAP server farm in a perimeter network/DMZ for external users.
A public SSL cert wil be used: e.g. adfs.company.com
We'll use DNS internally, internal domain is company.local so i'll add a zone from company.com with an a record of adfs.company.com
We'll use a host file for the WAP servers in the DMZ
The WAP farm servers will obviously communicate with both external clients and the SaaS provider.
How will the internal ADFS communication work for internal users? Does this traffic go out via the WAP server route or will it require it's own access to the SaaS provider?
Also, (sorry I know this is another question)
Is is viable to setup two separate ADFS farms in two locations and use something like route53 to route to site two if site one goes down?
I'm also assuming that port 443 is used for all server and client comms.
Appreciate any help on these questions.
Thanks,
Andy
I've been trawling the 'net' for an answer and diagrams (including network ports) to show how to configure a scenario for both internal and external SSO/ADFS 3.0 design.
I understand I need an internal ADFS server farm (which can be used for internal SSO access.
I also understand I need a WAP server farm in a perimeter network/DMZ for external users.
A public SSL cert wil be used: e.g. adfs.company.com
We'll use DNS internally, internal domain is company.local so i'll add a zone from company.com with an a record of adfs.company.com
We'll use a host file for the WAP servers in the DMZ
The WAP farm servers will obviously communicate with both external clients and the SaaS provider.
How will the internal ADFS communication work for internal users? Does this traffic go out via the WAP server route or will it require it's own access to the SaaS provider?
Also, (sorry I know this is another question)
Is is viable to setup two separate ADFS farms in two locations and use something like route53 to route to site two if site one goes down?
I'm also assuming that port 443 is used for all server and client comms.
Appreciate any help on these questions.
Thanks,
Andy
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 3 Answers and 6 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.