ADFS 3.0 + URL rewrite

  • Question

  • Have an ADFS server, want to rewrite a deep-linked URL. URL Rewrite is installed and rules are set up on our 2012 R2 server (IIS). However, when the link hits the ADFS server it doesn't rewrite.

    I see that ADFS 3.0 doesn't really use IIS for much, but after all my searching I don't see a confirmed way of enabling this functionality.

    1. I have relay state enabled in Microsoft.IdentityServer.Servicehost.exe.config
    2. I have URL Rewrite 2.1 installed in IIS (64-bit)
    3. I have restarted IIS, IIS Manager, and ADFS
    4. I have tried creating the rule at the ADFS server level and at the Default Web Site level, to no avail.

    What is the procedure to rewrite an incoming URL to ADFS 3.0 to another URL so that ADFS 3.0 can process it correctly?

     
    • Edited by I_Know_God Monday, May 7, 2018 7:32 PM updated 64 bit
    Monday, May 7, 2018 6:51 PM

All replies

  • Hi I_Know_God,

    The HTTPS binding for ADFS on Windows 2012 R2 bypasses your IIS instance altogether, so URL rewrite is not possible on the same box the way it was on Windows 2008 R2. Your options to perform URL rewriting are as follows:

    1) Perform the rewriting client side using an ADFS theme with JavaScript code that performs the rewrite using a JavaScript-based redirection.

    2) Insert an additional Reverse Proxy that will do the rewrite for you into the architecture. You could accomplish this using AAR if you want to stay within the Windows world, or any number of third-party Reverse Proxy solutions.

    Good luck!

    Shane

    Monday, May 7, 2018 8:08 PM
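
Option 1 from the reply above, as an added example (not Shane's code and not a Microsoft sample): a function for the theme's onload.js that turns an incoming deep link into an IdP-initiated sign-on URL carrying RelayState, and refuses any target outside an allow-list so the rewrite cannot be used as an open redirect. The `app` and `target` query parameters, the hostnames and the allow-list are assumptions, as is that the page ADFS renders for the incoming link loads onload.js.

```javascript
// Added example, not code from the thread. The "app" and "target" query
// parameters, the hostnames and the ALLOWED table are constructed assumptions.
const SIGNIN_PATHS = ['/adfs/ls', '/adfs/ls/'];
const IDP_INIT_PATH = '/adfs/ls/idpinitiatedsignon.aspx';

// app key -> relying party identifier and the only host a deep link may target.
const ALLOWED = new Map([
  ['portal', { rpid: 'https://portal.example.com/sp', host: 'portal.example.com' }],
]);

// Returns the rewritten URL, or null when the page must be left alone.
function rewriteDeepLink(href) {
  let url;
  try { url = new URL(href); } catch (e) { return null; }
  // Only the plain sign-in path is rewritten, so the result never loops.
  if (!SIGNIN_PATHS.includes(url.pathname.toLowerCase())) return null;

  const app = ALLOWED.get(url.searchParams.get('app'));
  if (!app) return null;                       // unknown relying party

  let target;
  try { target = new URL(url.searchParams.get('target')); } catch (e) { return null; }
  // Refuse anything that would turn ADFS into an open redirector.
  if (target.protocol !== 'https:' || target.host !== app.host) return null;

  // ADFS relay state format: RPID=<enc>&RelayState=<enc>, then encoded again.
  const inner = 'RPID=' + encodeURIComponent(app.rpid) +
                '&RelayState=' + encodeURIComponent(target.href);
  return url.origin + IDP_INIT_PATH + '?RelayState=' + encodeURIComponent(inner);
}

// In the theme's onload.js the function would be driven like this.
if (typeof window !== 'undefined') {
  const next = rewriteDeepLink(window.location.href);
  if (next) window.location.replace(next);
}
```
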
  • Couple of questions. 

    1. Do you have examples of the ADFS theme JavaScript rewrites?
    2. AAR on the ADFS 3.0 wouldn't work on the same box because of the same issue, right? The traffic bypasses the ADFS instance altogether.

    I want to note that we have a WAP in the DMZ, but currently internal traffic goes directly to the ADFS server.

    Q3: If we redirected all ADFS traffic to the DMZ through our WAP, the WAP doesn't have the same issues as the ADFS server and IIS rewrite policies would be applied, I assume?

    A3: Yes, it has the same issues for the WAP; another proxy server is required, it appears.
    • Edited by I_Know_God Tuesday, May 8, 2018 5:44 PM WAP information
    Monday, May 7, 2018 9:38 PM