locked
ADFS Proxy Enable HSTS RRS feed

  • Question

  • I know this has been asked...but here we go.

    the Government is directing via BOD (Binding Operation Directive) 18-01 and the driving directive OMB M-15-13.   So, to say that a) HSTS is not required, is not good enough.  We are forced at this point to migrate from MS ADFS Proxy to other proxy services that support HSTS.

    b) we are getting hit because the HTML code reveals the source server as being Microsoft.

    SSL Labs as to scan the public facing sites, we can determine that the initial view (do follow the forward) the ADFS Proxy fails the test.

    I would like to know if the ADFS Proxy will be modify to allow modification of the html to exclude the server information and include the ability to insert the HSTS settings.

    Thanks

    Thursday, October 29, 2020 11:22 PM