Federation Trust Multiple redirection URLs

  • Question

  • Hello,

    We are using a Federation Trust for accessing some centrally hosted SAML applications. Everything worked fine before we ran into a DNS problem.

    Most clients access the claims provider via sts.contoso.com on which the federation service listens.

    Some clients are in another network and can't resolve contoso.com for security reasons.

    The hosts of the zone contoso.com in the other network are stored in the zone contoso.ch.adatum.com, and the ADFS system is resolvable as sts.contoso.ch.adatum.com.

    Is there any way to make ADFS listen on both sts.contoso.com and sts.contoso.ch.adatum.com?

    Best Regards

    Johannes Tröster

    Johannes Tröster MCT

    Monday, August 26, 2019 10:42 AM

All replies

  • Hiya,

    No. This should be solved using proper DNS configuration.
    1: Allow zone replication.
    2: Create "split-brain" DNS for the zone. Only update those records relevant.
    3: Create a GPO that updates the host files of the machines.

    Obviously they already have access to applications and data within your system, so disallowing a zone transfer doesn't make much sense. Having a duplicate DNS zone does remedy this; however, it gives a small DNS management overhead. Host files, because both of the above options are not an option, show the level of trust and cooperation between.

    Kind Regards

    Tuesday, August 27, 2019 6:33 AM
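As an added illustration of option 2 from the reply above (not code from the thread), the following PowerShell publishes a "split-brain" copy of contoso.com on the other network's DNS server that carries only the sts record, then reviews the zone contents and checks that both names resolve. The DNS server name and the IP address are placeholders; the cmdlets are the standard DnsServer and DnsClient modules.

```powershell
# Added example, not from the original post. Split-brain zone for contoso.com on the
# other network's DNS server, containing only the record that network needs (sts),
# so sts.contoso.com resolves there without replicating the whole zone.
$ZoneName   = 'contoso.com'
$RecordName = 'sts'
$StsAddress = '192.0.2.10'        # placeholder: ADFS / proxy address reachable from that network
$DnsServer  = 'dns01.adatum.com'  # placeholder: DNS server of the other network

# Create the zone only if it does not already exist on that server.
$zone = Get-DnsServerZone -Name $ZoneName -ComputerName $DnsServer -ErrorAction SilentlyContinue
if (-not $zone) {
    # File-backed primary zone; use -ReplicationScope instead for an AD-integrated zone.
    Add-DnsServerPrimaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns" -ComputerName $DnsServer
}

# Add the single A record, or update it in place if it is already there.
$existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $RecordName -RRType A `
            -ComputerName $DnsServer -ErrorAction SilentlyContinue
if ($existing) {
    $new = $existing.Clone()
    $new.RecordData.IPv4Address = [System.Net.IPAddress]::Parse($StsAddress)
    Set-DnsServerResourceRecord -ZoneName $ZoneName -OldInputObject $existing `
        -NewInputObject $new -ComputerName $DnsServer
} else {
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $RecordName `
        -IPv4Address $StsAddress -ComputerName $DnsServer
}

# Review: the split-brain zone should list only the records deliberately published here.
Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DnsServer |
    Where-Object RecordType -eq 'A' |
    Select-Object HostName, RecordType, @{ n = 'Address'; e = { $_.RecordData.IPv4Address } }

# Check from that network that both names resolve (they should point at the same host).
foreach ($fqdn in "$RecordName.$ZoneName", "$RecordName.contoso.ch.adatum.com") {
    $r = Resolve-DnsName -Name $fqdn -Type A -Server $DnsServer -ErrorAction SilentlyContinue
    $addr = if ($r) { ($r | Where-Object Type -eq 'A').IPAddress -join ',' } else { 'NOT RESOLVED' }
    '{0,-40} {1}' -f $fqdn, $addr
}
```

Run it on a machine with the DnsServer RSAT tools against the other network's DNS server; the final loop is the quick check that sts.contoso.com now answers there.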