FIM Portal, Password Reset, Reg Portals installed on the DMZ Servers with Two Active Directories: One for External Users (Customers) and One for Internal Users (Employees)

    Question

  • Hi

    We have run into huge trouble with usage of FIM Portal, Password Reset/Reg Portals installed on the DMZ Servers. 

    These Portals in DMZ are meant for internal and external users, coming in from the extranet.

    Also internal users are part of “INTERNALAD-DOMAIN.COM” AD (internal) and external users are part of “EXTERNALAD-DOMAIN.COM” AD (external).

    Note that all FIM components (including the ones (FIM Portal, Password Reset/Reg Portals) in DMZ) are joined to internal AD (INTERNALAD-DOMAIN.COM).

    Internal users on the corporate network are able to get in to the FIM Portal, Password Reset/Reg Portals on the DMZ Servers via native Kerberos authentication (note that internal AD - “INTERNALAD-DOMAIN.COM” is involved here). This is because all FIM Servers are joined to internal AD - “INTERNALAD-DOMAIN.COM”.

    But the bigger issue is with internal/external users accessing these Portals in DMZ from the extranet, as Kerberos/NTLM authentication cannot be used here.

    How do we make these FIM Portals in DMZ accessible to both internal and external user constituencies from extranet, with internal users being part of “INTERNALAD-DOMAIN.COM” AD and external users being part of “EXTERNALAD-DOMAIN.COM” AD?

    Thanks

    Tapash Paul

    Wednesday, October 16, 2013 14:59

All replies

  • Hi 

    M.Irfan - please provide some help

    AnthonyHo - please provide some help

    Thanks

    Paul

    Wednesday, October 16, 2013 16:36
  • Hi

    Please provide some help by any Architects from Super call Microsoft FIM

    We have a "EXTERNALAD-DOMAIN.COM" One Way Trust established to "INTERNALAD-DOMAIN.COM"

    The 1st thing we want to achieve is how an external User from EXTERNALAD-DOMAIN.COM - AD can authenticate to "Reg Portals" and complete the registration process

    Appreciate

    Paul

    Wednesday, October 16, 2013 18:13