We have run into huge trouble with usage of FIM Portal, Password Reset/Reg Portals installed on the DMZ Servers.
These Portals in DMZ are meant for internal and external users, coming in from the extranet.
Also internal users are part of “INTERNALAD-DOMAIN.COM” AD (internal) and external users are part of “EXTERNALAD-DOMAIN.COM” AD (external) .
Note that all FIM components (including the ones (FIM Portal, Password Reset/Reg Portals) in DMZ) are joined to internal AD (INTERNALAD-DOMAIN.COM).
Internal users on the corporate network are able to get in to the FIM Portal, Password Reset/Reg Portals on the DMZ Servers via native Kerberos authentication (note that internal AD - “INTERNALAD-DOMAIN.COM” is involved here). This is because all FIM
Servers are joined to internal AD - “INTERNALAD-DOMAIN.COM”.
But bigger issue is with internal/external users accessing these Portals in DMZ from the extranet, as Kerberos/NTLM authentication cannot be used here.
How do we make these FIM Portals in DMZ accessible to both internal and external user constituencies from extranet, with internal users being part of “INTERNALAD-DOMAIN.COM” AD and external users being part of “EXTERNALAD-DOMAIN.COM” AD?