We have an internal domain name used for AD, foo.local.
We are currently setting up an application which uses ADFS for authentication, and wish to use app.foo.com and adfs.foo.com for our ADFS.
If I set up my ADFS instance on adfs.foo.local, and create a second web application on the adfs.foo.local machine that will use an SSL certificate with CN=adfs.foo.com, will this be sufficient, or do I need an ADFS proxy to pull this off?
The name for ADFS has to be the same both internally and externally. This is a function of how the app interacts with ADFS.
The proxy enables easy external access with a different authentication mechanism (e.g. forms-based) than internally (e.g. Windows Integrated Auth). If you want to use the same AuthN mechanism internally and externally, you could easily just NAT the ADFS servers directly.
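The point in the answer can be checked mechanically: the federation service name that AD FS advertises in its metadata must be the same from inside and outside, and the TLS certificate must cover that one name. The following Python is an added illustration, not code from the thread; the metadata sample is constructed and trimmed, and the function names are my own.

```python
"""Check that one AD FS name is published internally and externally and
that the TLS certificate covers it (added example, not from the thread)."""
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, List
from urllib.parse import urlparse

# Constructed sample of the document AD FS serves at
# /FederationMetadata/2007-06/FederationMetadata.xml, trimmed to the
# entityID attribute. Here the farm was built on the internal name.
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="http://adfs.foo.local/adfs/services/trust"/>'
)


def federation_host(metadata_xml: str) -> str:
    """Host part of the entityID; relying parties bind to this name,
    so tokens and endpoints carry it regardless of which DNS name the
    client used to reach the server."""
    root = ET.fromstring(metadata_xml)
    return urlparse(root.attrib["entityID"]).hostname.lower()


def cert_covers(hostname: str, cert_names: Iterable[str]) -> bool:
    """True if a CN/SAN entry matches, honouring single-label wildcards."""
    host = hostname.lower()
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False


def check_deployment(public_name: str, metadata_by_view: Dict[str, str],
                     cert_names: Iterable[str]) -> List[str]:
    """metadata_by_view maps 'internal'/'external' to the metadata fetched
    from each side of the DNS split. Returns findings; empty means the
    deployment publishes one name and the certificate covers it."""
    findings = []
    public = public_name.lower()
    for view, xml in metadata_by_view.items():
        host = federation_host(xml)
        if host != public:
            findings.append(f"{view}: service name is {host}, expected {public}")
    if not cert_covers(public, cert_names):
        findings.append(f"certificate does not cover {public}")
    return findings
```

For the setup in the question, the internal view would report adfs.foo.local while the app expects adfs.foo.com, which is exactly the mismatch the answer rules out.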