locked
ADFS 3.0 SNI Requirement RRS feed

  • Question

  • Hi all,

    We know ADFS 3.0 mandates to use SNI in client hello. My questions are - 

    1. Will ADFS 3.0 server be hosting multiple domains, because of which SNI extension is required? 

    2. Is the domain name static for a ADFS 3.0 server?

    Thanks in advance.


    Thursday, August 20, 2015 5:44 AM

Answers

  • Hi,

    Will ADFS 3.0 server be hosting multiple domains, because of which SNI extension is required? 

    By hosting multiple domains, I assume you mean multiple account domains. In that case, I don’t think that SNI extension has any impact on numbers of account domain.

    Is the domain name static for a ADFS 3.0 server?

    Do you mean the domain which ADFS 3.0 server is joined to or domain the ADFS is redirecting authentication flow to?

    Here are some related articles below for you:

    Server Name Indication

    https://en.wikipedia.org/wiki/Server_Name_Indication

    ADFS Deep Dive: Planning and Design Considerations

    http://blogs.technet.com/b/askpfeplat/archive/2014/11/24/adfs-deep-dive-planning-and-design-considerations.aspx

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Edited by Amy Wang_ Friday, August 21, 2015 9:55 AM
    • Proposed as answer by Amy Wang_ Monday, August 31, 2015 3:28 PM
    • Marked as answer by Amy Wang_ Tuesday, September 8, 2015 2:55 AM
    Friday, August 21, 2015 9:48 AM