ADFS Certificatation RRS feed

  • Question

  • Hello All,

    there is a WAP server and ADFS server on my network and will create federation with office 365.

    Our netwrok team do SSL ofloading on F5 firewall and dont want to share SSL cerfificate with private key.

    does ADFS supoort SSL ofloading ?

    can i use internal certificates which i wll create on local CA for ADFS and WAP ?

    thank you

    Wednesday, November 15, 2017 12:44 PM

All replies

  • When federating with Office 365, there is no need to share any private key. Actually, you should never share a private key, it's private...

    Then there are things you can do and things you can't.

    You cannot do offloading or any type of inspection that terminates the SSL tunnel between WAP and ADFS.

    You can do it on the front of ADFS but this break certificate based (TLS) authentication. Things are explained in details here: SSL Termination with Web Application Proxy and AD FS 2012 R2 https://blogs.technet.microsoft.com/applicationproxyblog/2014/07/04/ssl-termination-with-web-application-proxy-and-ad-fs-2012-r2/

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Wednesday, November 15, 2017 8:33 PM