ADFS Web Application Proxy - Automatically authenticate another federation RRS feed

  • Question

  • I am setting up a Web Application Proxy as a reverse proxy to publish some of our internal websites to the internet. I am going to publish https://portal.workplace.example as the "hub" site which will link off to various other websites hosted internally. These sites are hosted on various different servers so I want to use the WAP to take advantage of the SSO facility. This works nicely.

    One of the links will be to Office 365. We are using IAMCloud's Federate 365 service (which is essentially a hosted ADFS service) to authenticate our users. Using this means that users away from the workplace are not dependant on our internet connection being active to access O365 and that they will still be able to authenticate should our internet connection die. However, it also means that when the user clicks on the link on the portal page to Office 365 they are forced to re-authenticate. What I'd like to is to pass on the credentials that the Web Application Proxy collects onto the external federation service automatically. I just can't see how you'd do it.

    I have added the external ADFS farm as a relying party trust but I have no idea what I need to use as a claim rule so I've used a passthrough rule with the UPN as the claim being passed. I've also set up a publishing rule with the WAP with the external federation's URL and changed the hosts file on a test computer to make the external federation's address resolve to the WAP's IP address but this just results in a blank page. I fully accept that I'm not doing this right but I'm unsure of where to go from here. Can anyone give me some advice?

    Many thanks,

    Thursday, August 21, 2014 1:04 PM

All replies

  • Hi Ian,

    In that configuration, is not IAMCloud's Federation Service a clams provider to your own ADFS setup, rather than a relying party?


    Friday, August 22, 2014 10:02 PM
  • I believe that configuring IAMCloud as a Relying Party is correct in this configuration. But did IAMCloud also setup a Claims Provider Trust on their side, pointing to your ADFS? Also the UPN's in your AD should ofcourse match the UPN's at IAMCloud and O365.
    Tuesday, September 2, 2014 7:03 AM