Hi All
I have been tasked with designing and implementing ADFS 2.0 in our organisation. This will be a one way authentication mechanism from a 3rd party web application to authenticate with our active directory.
What I need to understand is how certificates play a part in this. We have a root/intermediate CA for domain.local which we want to use for ADFS however we are unsure if a local domain certificate will create problems on the permiter/internet side of things. We present an ADFS login via a proxy server in the DMZ which will be accessible from a real domain and have the necessary certificate. The ADFS proxy then relays the information back to the internal ADFS server which will be using the local domain certificate. Will this cause issues?
Could be a simple case of putting an intermediate CA in the DMZ for the proxy to certify with? Does ADFS "bind" to the hostname you present out to the wild in any way?
Thanks for your help, hope this post is coherent
I have been tasked with designing and implementing ADFS 2.0 in our organisation. This will be a one way authentication mechanism from a 3rd party web application to authenticate with our active directory.
What I need to understand is how certificates play a part in this. We have a root/intermediate CA for domain.local which we want to use for ADFS however we are unsure if a local domain certificate will create problems on the permiter/internet side of things. We present an ADFS login via a proxy server in the DMZ which will be accessible from a real domain and have the necessary certificate. The ADFS proxy then relays the information back to the internal ADFS server which will be using the local domain certificate. Will this cause issues?
Could be a simple case of putting an intermediate CA in the DMZ for the proxy to certify with? Does ADFS "bind" to the hostname you present out to the wild in any way?
Thanks for your help, hope this post is coherent
