MIM and ADFS integration

  • Question

  • Hello Gurus,

       I would like to know how we can provide SSO for a MIM portal exposed to external users via the Internet. An admin will be creating the users in the MIM portal and they will be synced to AD. The users will be using their AD credentials to log in to the MIM portal. The AD domain has ADFS. Can somebody guide me on this or provide a link/blog that can point me in the right direction?

    Wednesday, April 24, 2019 7:50 AM

Answers

  • You should expose your MIM portal through a reverse proxy solution for external users. The reverse proxy handles the (pre-)authentication bit (ADFS/SAML, LDAP, RADIUS, etc.) and then handles the authentication against the MIM Portal (Basic/Kerberos, etc.).

    As a reverse proxy, you can use solutions like:
    - F5 BigIP
    - Citrix Netscaler
    - KEMP
    - Azure AD Application Proxy (your users need to exist in an Azure AD)

    • Marked as answer by Markus_MIM2016 Wednesday, April 24, 2019 9:06 AM
    Wednesday, April 24, 2019 8:32 AM

All replies

  • Thanks Fredrik. This gives me pointers on how to proceed. I will mark this as the answer and, once this solution is working properly, will update the forum with the steps.
    Wednesday, April 24, 2019 9:02 AM
  • Will you share the result? Did something work? I encountered the same problem. I use FIM on IIS (Windows Server) and Nginx as a proxy (CentOS) for external users, and Windows authorization does not work.
    Thursday, May 16, 2019 2:07 PM
  • Will you share the result? Did something work? I encountered the same problem. I use FIM on IIS (Windows Server) and Nginx as a proxy (CentOS) for external users, and Windows authorization does not work.
    Unless nginx is set up in the Kerberos realm, that won't work.  You should use ADFS Web Application Proxy (or F5 BigIP, properly configured with ADFS) to publish the MIM portal as a non-claims-aware application.  Keep in mind that you'll have to allow the WAP or BigIP service credential to delegate to all related service principals in the MIM frontend and database.
    Friday, May 17, 2019 12:14 AM
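As an added example (not code from this thread or from Microsoft), the publishing approach the last reply describes in PowerShell: register the MIM Portal as a non-claims-aware relying party in ADFS, allow the WAP server to delegate to the portal's service principal, and publish it through Web Application Proxy with ADFS pre-authentication. The host names, account names and certificate thumbprint are placeholders, and the Kerberos delegation is done here with resource-based constrained delegation on the app-pool account.

```powershell
# Added example: publish the MIM Portal via ADFS Web Application Proxy with
# ADFS pre-authentication and Kerberos constrained delegation to the backend.
# Every name below is a placeholder for this example, not a real environment.

$portalFqdn    = 'mimportal.corp.example'      # internal MIM Portal (SharePoint) host
$externalFqdn  = 'mim.example.com'             # Internet-facing host name on WAP
$portalAppPool = 'svc-mimportal'               # domain account running the portal app pool
$wapComputer   = 'WAP01'                       # Web Application Proxy server (domain-joined)
$certThumb     = '<EXTERNAL-CERT-THUMBPRINT>'  # placeholder, replace with the real thumbprint

# 1. On the ADFS server: register the portal as a non-claims-aware relying party.
#    ADFS pre-authentication is what gives external users SSO. This rule permits
#    every authenticated user; restrict it to a group before going live.
Add-AdfsNonClaimsAwareRelyingPartyTrust -Name 'MIM Portal' `
    -Identifier "https://$externalFqdn/" `
    -IssuanceAuthorizationRules '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# 2. The backend must accept Kerberos from WAP, so the HTTP SPN has to be on the
#    account that runs the portal's app pool (skip if it is already registered).
setspn -S "HTTP/$portalFqdn" $portalAppPool

# 3. Resource-based constrained delegation: allow the WAP computer account to
#    obtain service tickets for the app-pool account on behalf of the user.
#    As the reply above says, the same must be granted for the other MIM
#    principals the portal calls (FIMService and SQL accounts); repeat per account.
$wap = Get-ADComputer -Identity $wapComputer
Set-ADUser -Identity $portalAppPool -PrincipalsAllowedToDelegateToAccount $wap

# 4. On the WAP server: publish the portal with ADFS pre-authentication and
#    Kerberos constrained delegation to the backend SPN registered in step 2.
Add-WebApplicationProxyApplication -Name 'MIM Portal' `
    -ExternalPreauthentication ADFS `
    -ADFSRelyingPartyName 'MIM Portal' `
    -ExternalUrl "https://$externalFqdn/" `
    -BackendServerUrl "https://$portalFqdn/" `
    -ExternalCertificateThumbprint $certThumb `
    -BackendServerAuthenticationSPN "HTTP/$portalFqdn"

# Verification: confirm the published app's delegation target and the
# delegation grant on the app-pool account before testing from outside.
Get-WebApplicationProxyApplication -Name 'MIM Portal' |
    Select-Object Name, ExternalUrl, BackendServerUrl, BackendServerAuthenticationSPN
Get-ADUser -Identity $portalAppPool -Properties PrincipalsAllowedToDelegateToAccount |
    Select-Object -ExpandProperty PrincipalsAllowedToDelegateToAccount
```

Steps 1 and 3 run on an ADFS server and a domain controller (or any host with the AD module) respectively; step 4 runs on the WAP server itself.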