ADFS STS over IP Address
-
Wednesday, March 21, 2012 07:06
I installed ADFS 2.0 on our domain AD server and configured ACS on Azure. I am trying to achieve a scenario where Internet users will have to provide their domain credentials to access the website hosted on Azure.
Here, I came across a scenario where my AD server is exposed to the public over an IP address and not over a qualified domain name. Here is the portion of the generated FederatedMetadata.xml:
<EntityDescriptor ID="_eed02eb3-b8c1-4afe-ad9c-16ea0a6cd9cf" entityID="http://183.82.48.196/adfs/services/trust" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> .....
My question is: can the AD server expose the STS over an IP address (and not a domain name) when requested from ACS on Azure?
Thanks much in advance.
All Replies
-
Wednesday, March 21, 2012 12:27
Hi prudhvi,
This shouldn't be a problem since the entity ID is simply a unique identifier for your identity provider. But the question is, do you really want to expose your ADFS over an IP address? A domain name is much safer when it comes to errors and scalability.
Sandrino
Sandrino Di Mattia | Twitter: http://twitter.com/sandrinodm | Azure Blog: http://fabriccontroller.net/blog | Blog: http://sandrinodimattia.net/blog
-
Wednesday, March 21, 2012 22:24
I'm not entirely sure it would work. At the very least you would receive a bunch of security warnings because the service certificate used for HTTPS doesn't match the domain.
Developer Security MVP | www.syfuhs.net
- Marked as Answer by Arwind - MSFTModerator Tuesday, March 27, 2012 11:34
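Added example, not part of the thread or of ADFS/ACS: a small Python check that separates the two points made in the replies, an IP address used only as the entityID (an identifier) versus an IP address in an endpoint URL that clients actually connect to over HTTPS. The entityID is the one quoted in the question; the `SingleSignOnService` element, its `/adfs/ls/` location and the finding labels are assumptions made up for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: entityID comes from the question; the endpoint element
# and its Location are assumptions added so the check has something to flag.
SAMPLE_METADATA = """\
<EntityDescriptor ID="_eed02eb3-b8c1-4afe-ad9c-16ea0a6cd9cf"
    entityID="http://183.82.48.196/adfs/services/trust"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://183.82.48.196/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

def host_is_ip(url):
    """True when the URL's host is an IPv4/IPv6 literal rather than a DNS name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_metadata(xml_text):
    """Return (kind, url, finding) tuples for the entityID and each endpoint Location."""
    # Run this only on metadata exported from your own federation server.
    root = ET.fromstring(xml_text)
    findings = []
    entity_id = root.get("entityID", "")
    # The entityID is never dialed, so an IP here does not affect TLS.
    if host_is_ip(entity_id):
        findings.append(("entityID", entity_id, "ip-identifier"))
    for el in root.iter():
        loc = el.get("Location")
        if loc is None:
            continue
        kind = el.tag.split("}")[-1]  # strip the XML namespace prefix
        if urlsplit(loc).scheme != "https":
            findings.append((kind, loc, "not-https"))
        if host_is_ip(loc):
            # Clients connect here, so the HTTPS certificate has to match this IP.
            findings.append((kind, loc, "ip-endpoint-cert-must-match-ip"))
    return findings

if __name__ == "__main__":
    for finding in audit_metadata(SAMPLE_METADATA):
        print(finding)
```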