21 March 2012 7:06
I installed ADFS 2.0 on our domain AD server and configured ACS on Azure. I am trying to achieve a scenario where Internet users will have to provide their domain credentials to access the website hosted on Azure.
Here, I came across a scenario where my AD server is exposed to the public over an IP address and not over a qualified domain name. Here is the portion of the generated FederatedMetadata.xml:
<EntityDescriptor ID="_eed02eb3-b8c1-4afe-ad9c-16ea0a6cd9cf" entityID="http://126.96.36.199/adfs/services/trust" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> .....
My question is, can the AD server expose the STS over an IP address (and not a domain name) when requested from ACS on Azure?
Thanks much in advance.
21 March 2012 12:27
This shouldn't be a problem since the entity ID is simply a unique identifier for your identity provider. But the question is, do you really want to expose your ADFS over an IP address? A domain name is much safer when it comes to errors and scalability.
Sandrino Di Mattia | Twitter: http://twitter.com/sandrinodm | Azure Blog: http://fabriccontroller.net/blog | Blog: http://sandrinodimattia.net/blog
21 March 2012 22:24
I'm not entirely sure it would work. At the very least you would receive a bunch of security warnings because the service certificate used for HTTPS doesn't match the domain.
Developer Security MVP | www.syfuhs.net
- Marked as answer by Arwind - MSFTModerator, 27 March 2012 11:34
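The two points raised in the thread (the entityID is just an identifier, but an IP-literal host will not satisfy HTTPS hostname matching unless the certificate carries a matching iPAddress SAN) can be checked mechanically against a metadata document. The following is an added example, not code from the thread or from ADFS; the metadata fragment, the hostnames and the SAN lists are constructed sample data, and SANs use the (type, value) tuple shape that Python's ssl.getpeercert() returns.

```python
"""Inspect an ADFS-style EntityDescriptor: is the STS named by an IP literal,
and would a given certificate's SANs satisfy hostname matching for it?"""
from __future__ import annotations

import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed metadata fragment modelled on the one quoted in the question
# (the ID value is a placeholder; the entityID host is an IP literal).
SAMPLE_METADATA = (
    '<EntityDescriptor ID="_example" '
    'entityID="http://126.96.36.199/adfs/services/trust" '
    f'xmlns="{MD_NS}"/>'
)


def entity_host(metadata_xml: str) -> str:
    """Return the host part of the entityID URI of a SAML EntityDescriptor."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    host = urlparse(root.attrib["entityID"]).hostname
    if host is None:
        raise ValueError("entityID has no host component")
    return host


def is_ip_literal(host: str) -> bool:
    """True when the host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def cert_matches_host(host: str, sans: list[tuple[str, str]]) -> bool:
    """Apply the hostname-matching rule a TLS client uses for SANs:
    an IP literal matches only an 'IP Address' SAN with the same address;
    a DNS name matches only a 'DNS' SAN, compared case-insensitively.
    Wildcard SANs are deliberately not handled in this example."""
    if is_ip_literal(host):
        wanted = ipaddress.ip_address(host)
        return any(kind == "IP Address" and ipaddress.ip_address(val) == wanted
                   for kind, val in sans)
    return any(kind == "DNS" and val.lower() == host.lower() for kind, val in sans)
```

With the sample metadata, a certificate issued only for a DNS name fails the match for the IP-literal STS host, which is the warning the last reply predicts; adding a matching iPAddress SAN (or naming the STS by DNS) makes it pass.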