How to force users from specific geographic location to specific ADFS Server

  • Question

  • I have a unique requirement where my client wants to send requests from a specific office location to the local ADFS first and, if that ADFS is not available, send them to another one, which can be in another office location.

    They have one ADFS farm already deployed which contains two servers (Primary and Secondary). Now they want to add two more servers in different geographic locations. The idea behind this is that users should be redirected to the local ADFS first and, if it is not available, they should be redirected to another ADFS (which will preferably be one of the first two servers). I want help in knowing how this can be done. I can think of the following approaches, if they are possible:

    1. Is there any setting in ADFS for this?

    2. Can this be achieved through DNS routing?

    3. Can this be done using some kind of NLB? (If NLB is the option, can you suggest the name?)


    Monday, January 28, 2019 2:40 PM

All replies

  • It has to be done before the traffic hits the ADFS server. Hence this cannot be done at the ADFS level.

    It can be done at the network level, or more simply at the DNS level.

    You can look at this: https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods#geographic


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, January 29, 2019 3:07 AM
  • Hello,

    It cannot be done at the ADFS level. Options are Azure Traffic Manager or an F5 Geolocation, etc.

    Hope this helps,


    Isaac Oben MCITP:EA, MCSE, MCC. View my MCP Certifications: https://www.mcpvirtualbusinesscard.com/VBCServer/4a046848-4b33-4a28-b254-e5b01e29693e/interactivecard

    Tuesday, January 29, 2019 5:40 AM
  • Thank you for your reply, guys!
    I cannot use Azure Traffic Manager or F5 as of now. Are there any open source Traffic Managers which I can use?

    I checked Polaris GSLB from here https://blogs.msdn.microsoft.com/mihansen/2017/10/13/open-source-private-traffic-manager-and-regional-failover/ but it seems confusing to me.
    Basically I am not a networking guy, but worked my way to ADFS.
    Thank you again for your reply.


    Tuesday, January 29, 2019 10:11 AM
  • You need some kind of a load balancer to do that work for you. ADFS cannot do that.

    Cheers,

    Jorge de Almeida Pinto

    Lead Consultant | MVP Enterprise Mobility & Security | IAM Technologies

    COMMUNITY...:

    REQUEST: Please mark as answer if it helped you. Thanks!

    DISCLAIMER: This post is provided "AS IS" with no warranties of any kind, either expressed or implied, and confers no rights! Always evaluate/test yourself before using/implementing this!

    Tuesday, January 29, 2019 10:48 PM
  • Note that there is a step by step document available here:

    High availability cross-geographic AD FS deployment in Azure with Azure Traffic Manager

    https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/active-directory-adfs-in-azure-with-azure-traffic-manager 


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, January 31, 2019 4:06 PM
  • Just saw that you cannot use Traffic Manager. I am not sure why, but that's the cheapest option.

    If you host your own DNS servers, you might consider doing some DNS policies (it is possible with Windows Server 2016 DNS, for example). But that's a whole different game.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, January 31, 2019 4:07 PM
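The DNS policy approach mentioned in the last reply, written out as an added example (not code from the thread or from Microsoft's documentation): Windows Server 2016 DNS answers queries for the federation service name with the AD FS node nearest the querying subnet. The zone contoso.com, the federation service name sts.contoso.com, the subnets and the IP addresses are constructed placeholders; note that DNS policy has no health check, so the "fail over to another ADFS" part of the question still needs a health-aware load balancer in front of the nodes.

```powershell
# Added example: geographic answers for the AD FS federation service name using
# Windows Server 2016 DNS policies. All names, subnets and IPs are constructed.
# Run on the authoritative DNS server for the zone as an administrator.

$Zone       = 'contoso.com'
$RecordName = 'sts'            # every farm node uses the same FQDN sts.contoso.com
$DnsServer  = '203.0.113.53'   # constructed address of this DNS server, for the check

# 1. Describe the client subnets of each office (constructed ranges).
Add-DnsServerClientSubnet -Name 'LondonSubnet' -IPv4Subnet '192.0.2.0/24'
Add-DnsServerClientSubnet -Name 'SydneySubnet' -IPv4Subnet '198.51.100.0/24'

# 2. One zone scope per office. The zone's default scope keeps serving everyone
#    who matches no policy, which is where the existing primary/secondary farm goes.
Add-DnsServerZoneScope -ZoneName $Zone -Name 'LondonScope'
Add-DnsServerZoneScope -ZoneName $Zone -Name 'SydneyScope'

# 3. Publish the same host name with a different A record in each scope.
#    No -ZoneScope means the default scope (central farm VIP, constructed).
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name $RecordName -IPv4Address '203.0.113.10'
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name $RecordName -IPv4Address '203.0.113.20' -ZoneScope 'LondonScope'
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name $RecordName -IPv4Address '203.0.113.30' -ZoneScope 'SydneyScope'

# 4. Query resolution policies: a client whose source IP is in an office subnet is
#    answered from that office's scope. The -ZoneScope value is "scope,weight";
#    several scopes can be listed to spread answers, but the server never checks
#    whether the AD FS node behind an answer is up, so this is routing, not failover.
Add-DnsServerQueryResolutionPolicy -Name 'LondonPolicy' -Action ALLOW `
    -ClientSubnet 'eq,LondonSubnet' -ZoneScope 'LondonScope,1' -ZoneName $Zone
Add-DnsServerQueryResolutionPolicy -Name 'SydneyPolicy' -Action ALLOW `
    -ClientSubnet 'eq,SydneySubnet' -ZoneScope 'SydneyScope,1' -ZoneName $Zone

# 5. Review what was configured, then test from a host in each subnet and from an
#    unmatched subnet; the unmatched client should receive the default-scope answer.
Get-DnsServerQueryResolutionPolicy -ZoneName $Zone
Resolve-DnsName -Name "$RecordName.$Zone" -Server $DnsServer -Type A
```

Because a policy only looks at the source address of the query, clients that resolve through a central recursive resolver all appear to come from that resolver's subnet, so the office resolvers must forward to this server directly (or be the ones that hold the policies) for the geographic match to work.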