ADFS and ADFS proxy issue

  • Hello Folks

    I am having an issue which I have seen others have in a different spectrum, partially addressing the problem I am having.

    So here it is.

    I am trying to deploy ADFS proxy in AWS. I have ADFS also located there, which federates access from a domain controller just fine, which in itself isn't the problem. However, the domain I am using internally is .corp (I am not able to move it to .com or any other domain). So when I publish to .com from .corp I am seeing:

    "The Federation Service Proxy blocked an illegitimate request made by a client, as there was no matching endpoint registered at the proxy. This could point to a DNS misconfiguration, a partially configured application published through the proxy, or a malicious request."

    My certificate on the public side is a wildcard .com cert; internally, between ADFS and ADFS Proxy, a self-signed one, which works, as I can see the Proxy receiving configuration from ADFS successfully.

    Does anybody know or is able to suggest a solution without moving internal domain to .com?

    Thanks


    Thursday, February 2, 2017 11:03 AM

All replies

  • Hi Pat444,

    When building ADFS with WAP you need to ensure that both services (internal and external) are located using the same DNS name.

    You would accomplish this by having split DNS. Your internet DNS service would contain a record like this:

    sts.contoso.com A 203.x.x.x

    Where 203.x.x.x is the public IP address of your WAP. Your internal DNS should contain a record like this:

    sts.contoso.com A 10.x.x.x

    Where 10.x.x.x is the internal IP address of your ADFS server.

    Good Luck!

    Shane

    Friday, February 3, 2017 2:56 AM
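The split-DNS setup Shane describes, as an added PowerShell example that is not part of the original thread. The point for the .corp case is that the internal AD domain suffix does not matter: only the federation service name (sts.contoso.com in Shane's reply) has to resolve identically inside and outside, so internally you can create a pinpoint zone named exactly sts.contoso.com instead of hosting a full copy of contoso.com. The addresses 10.0.1.10 (internal ADFS) and 203.0.113.10 (public WAP) are placeholders assumed for the example; the hosts-file fallback is for a WAP in a DMZ subnet that cannot reach internal DNS, and the verification steps check the two things the "no matching endpoint registered at the proxy" event usually comes down to: the proxy resolving the public name to itself, or the proxy's configured federation service name not matching what clients send.

```powershell
# Added example (not from the original thread): split DNS for an AD FS farm
# published through Web Application Proxy (WAP).
# Assumptions: federation service name sts.contoso.com (from Shane's reply),
# internal AD FS IP 10.0.1.10, public WAP IP 203.0.113.10 (placeholders).

$FederationServiceName = 'sts.contoso.com'
$InternalAdfsIp        = '10.0.1.10'
$PublicWapIp           = '203.0.113.10'   # this is what public DNS should return

# --- Internal DNS (run on an internal Windows DNS server / DC) -----------
# The internal AD zone is .corp, so contoso.com does not exist internally.
# Create a "pinpoint" zone whose name is the federation service name itself
# and give it one A record at the zone apex. Internal clients and the WAP
# then resolve the public name to the internal AD FS server.
if (-not (Get-DnsServerZone -Name $FederationServiceName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $FederationServiceName -ReplicationScope 'Forest'
}
Add-DnsServerResourceRecordA -ZoneName $FederationServiceName -Name '@' `
    -IPv4Address $InternalAdfsIp -TimeToLive (New-TimeSpan -Minutes 5)

# --- WAP that cannot use internal DNS (e.g. DMZ subnet in AWS) ------------
# Fallback: pin the name in the hosts file so the proxy reaches AD FS
# directly instead of looping back to its own public address.
$HostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
$Pattern   = "\s$([regex]::Escape($FederationServiceName))\s*$"
if (-not (Select-String -Path $HostsFile -Pattern $Pattern -Quiet)) {
    Add-Content -Path $HostsFile -Value "$InternalAdfsIp`t$FederationServiceName"
}

# --- Verification, run on the WAP ----------------------------------------
# 1. From the proxy the name must resolve to the internal AD FS address,
#    never to the proxy's own public address.
$resolved = (Resolve-DnsName -Name $FederationServiceName -Type A).IPAddress
if ($resolved -contains $PublicWapIp) {
    Write-Warning "$FederationServiceName resolves to the WAP itself ($PublicWapIp); fix internal DNS or hosts"
} elseif ($resolved -notcontains $InternalAdfsIp) {
    Write-Warning "$FederationServiceName resolves to $($resolved -join ', ') instead of $InternalAdfsIp"
}

# 2. The proxy must reach AD FS on 443 using that name (the internal
#    self-signed certificate must carry this name as well).
Test-NetConnection -ComputerName $FederationServiceName -Port 443

# 3. The federation service URL the proxy was configured with must match the
#    host name clients send; a mismatch produces the "no matching endpoint
#    registered at the proxy" event quoted in the question.
Get-WebApplicationProxyConfiguration | Select-Object ADFSUrl
Invoke-WebRequest -UseBasicParsing `
    -Uri "https://$FederationServiceName/federationmetadata/2007-06/federationmetadata.xml" |
    Select-Object StatusCode
```

Run the DNS section on the internal DNS server and the remaining sections on the WAP. From outside the network, `Resolve-DnsName sts.contoso.com` should return only the public WAP address; from the WAP and from internal clients it should return only the internal AD FS address.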