Federation Service Identifier?

  • Question

  • Hi.

    I have ADFS 3.0, which in general is working fine, except for one product which we can't get working.

    The question is - the Federation Service Identifier specified on the General page is

    http://ADFS server internetname/adfs/services/trust   - mark HTTP! This is also in the published metadata XML.

    We have blocked everything in the firewall besides https (443).

    So - must this identifier URL be reachable from the Internet? Or is it just some plain identifier which SHOULDN'T be used as an endpoint?

    Should we allow port 80 or change it to https? Does a change to https require other service providers to reconfigure their parts?

      

    Monday, September 19, 2016 2:23 PM

Answers

  • This is just the identifier, which happens to be in a URI format. This is not an endpoint. And it is automatically generated at the installation of your ADFS farm.

    In the federation world, entities are identified with a unique identifier. Some of the IT world uses GUID, this part of the IT world uses URL something:something. Like urn:Lala:Lili-1 or http://lala/lili or https://lala/lili. I know it could be confusing because it looks like an endpoint you'd be able to reach with your browser but really it isn't.

    You do not have to open the port 443 between Internet and your WAP server. No worry.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, September 19, 2016 6:20 PM
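The distinction the answer draws between the identifier and the endpoints, as an added example that is not part of the original thread: it reads a federation metadata document, separates the `entityID` from the endpoint `Location` URLs, and derives the ports from the endpoints alone. The metadata is a constructed sample with the placeholder host `sts.example.test`, the function names are hypothetical, and the string-equality issuer check is an assumption about how a relying party compares identifiers.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata; sts.example.test is a placeholder host.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://sts.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sts.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sts.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def identifier_and_endpoints(metadata_xml):
    """Return (entityID, sorted distinct endpoint Location URLs)."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    # Endpoints are the elements with a Location attribute; entityID is not one.
    locations = {el.get("Location") for el in root.iter() if el.get("Location")}
    return root.get("entityID"), sorted(locations)


def ports_needed(endpoints):
    """TCP ports clients must reach, derived from the endpoint URLs only."""
    default = {"https": 443, "http": 80}
    return sorted({urlsplit(u).port or default[urlsplit(u).scheme] for u in endpoints})


def issuer_matches(entity_id, issuer):
    """Assumption: the relying party compares identifiers as plain strings."""
    return issuer == entity_id


if __name__ == "__main__":
    eid, eps = identifier_and_endpoints(SAMPLE_METADATA)
    print("identifier:", eid)
    print("endpoints :", eps, "ports:", ports_needed(eps))
    print("https variant matches:", issuer_matches(eid, eid.replace("http://", "https://", 1)))
```

Under that string-comparison assumption, an identifier rewritten with an `https://` scheme is a different identifier to every relying party that has the original one configured.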