In the previous post, I showed you how to install and configure the ADFS role on Windows Server 2012 R2. Now it is time to briefly describe why we need an ADFS proxy and how to install and configure Web Application Proxy as the ADFS proxy.
If you want to make your ADFS infrastructure available to the Internet in a secure fashion, you probably don't want to expose your ADFS server directly to the Internet. The ADFS proxy (Web Application Proxy) is a Windows Server 2012 R2 role that forwards authentication queries received from Office 365 to the ADFS server. The ADFS proxy needs to be placed in the DMZ. It can be a workgroup server, but it can also be a domain member server.
Because the ADFS proxy needs to communicate with the ADFS server, name resolution is the most important thing to configure, especially if you install the ADFS proxy as a workgroup server.
ADFS proxy installation
ADFS proxy configuration
Once installed, the ADFS proxy has to be properly configured. We must not forget to:
- Provide name resolution between the ADFS server and the ADFS proxy
- Install the ADFS SSL certificate on the ADFS proxy
- Change the DNS A record in the public DNS zone to the ADFS proxy's public IP address
If you complete all the steps successfully, your ADFS proxy is probably configured and functional. You can check the operational status of your ADFS proxy in the management console and confirm that everything is functional.
Also, once you have changed the DNS A record to the IP address of the ADFS proxy, you can test sign-in the same way as in the ADFS server test in the previous post. Just type https://adfs.tech-trainer.info/adfs/ls/idpinitiatedsignon.htm in your browser. If you didn't forget any step, your authentication query will be sent to the ADFS proxy, and the proxy will forward the query to the ADFS server.
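The checklist above can also be run from an elevated PowerShell session on the proxy. This is an added example, not part of the original post. The internal ADFS IP address and the PFX path are constructed placeholders, and the federation service name is taken from the test URL above.

```powershell
# Added example: preflight checks and setup for a workgroup WAP server in the DMZ.
$FsName    = 'adfs.tech-trainer.info'   # federation service name (from the test URL in the post)
$AdfsIp    = '10.0.0.10'                # constructed placeholder: internal IP of the ADFS server
$PfxPath   = 'C:\Temp\adfs-cert.pfx'    # constructed placeholder: exported ADFS SSL certificate
$HostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"

# 1. Name resolution: a workgroup server usually cannot query internal DNS,
#    so pin the federation service name to the internal ADFS server.
if (-not (Select-String -Path $HostsFile -Pattern ([regex]::Escape($FsName)) -Quiet)) {
    Add-Content -Path $HostsFile -Value "$AdfsIp`t$FsName"
}
$resolved = [System.Net.Dns]::GetHostAddresses($FsName) | ForEach-Object { $_.IPAddressToString }
if ($resolved -notcontains $AdfsIp) { throw "$FsName resolves to '$resolved', expected $AdfsIp" }

# 2. The proxy must be able to reach the ADFS server over HTTPS.
if (-not (Test-NetConnection -ComputerName $FsName -Port 443).TcpTestSucceeded) {
    throw "Cannot reach $FsName on TCP 443 from the proxy"
}

# 3. Import the ADFS SSL certificate with its private key into the machine store,
#    then re-read it from the store so the provider's DnsNameList property is available.
$PfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$imported = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\LocalMachine\My -Password $PfxPassword
$cert = Get-Item "Cert:\LocalMachine\My\$($imported.Thumbprint)"
if (-not $cert.HasPrivateKey)      { throw 'Certificate was imported without a private key' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }
# Each DNS name on the certificate is used as a pattern, so '*.tech-trainer.info' also matches.
if (-not ($cert.DnsNameList.Unicode | Where-Object { $FsName -like $_ })) {
    throw "Certificate does not cover $FsName"
}

# 4. Install the role and establish the proxy trust with the ADFS server.
#    The credential must be a local administrator on the ADFS server.
Install-WindowsFeature Web-Application-Proxy -IncludeManagementTools | Out-Null
$AdfsAdmin = Get-Credential -Message 'Local administrator account on the ADFS server'
Install-WebApplicationProxy -FederationServiceName $FsName `
    -FederationServiceTrustCredential $AdfsAdmin `
    -CertificateThumbprint $cert.Thumbprint

# 5. Show the resulting proxy configuration for review.
Get-WebApplicationProxyConfiguration
```

Delete the exported PFX file from the proxy once the import succeeds, since it contains the private key of the ADFS service certificate.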
Pretty easy when you know all steps 🙂
In the next post, I will show you how to configure an Office 365 tenant for SSO.