Home

Multiple hostname support in ADFS?

%3CLINGO-SUB%20id%3D%22lingo-sub-274493%22%20slang%3D%22en-US%22%3EMultiple%20hostname%20support%20in%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-274493%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20any%20way%20to%20have%20ADFS%20work%20on%20multiple%20hostnames%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20instance%2C%20our%20ADFS%203%20(on%20Server%202012%20R2)%20is%20currently%20configured%20as%20fs.domain.com.%20If%20we%20create%20a%20CNAME%20to%20point%20something.domain.com%20to%20fs.domain.com%20and%20then%20try%20to%20browse%20to%20%3CA%20href%3D%22https%3A%2F%2Fsomething.domain.com%2Fadfs%2Fls%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsomething.domain.com%2Fadfs%2Fls%2F%3C%2FA%3E%2C%20I%20get%20the%20following%20results%3A%3C%2FP%3E%3CP%3E-%20Chrome%3A%26nbsp%3B%26nbsp%3B%3CSPAN%3EERR_CONNECTION_RESET%3C%2FSPAN%3E%3CBR%20%2F%3E-%20Firefox%3A%26nbsp%3B%20Secure%20Connection%20Failed%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBefore%20I%20go%20the%20route%20of%20creating%20a%20new%20SSL%20certificate%20with%20both%20the%20fs.domain.com%20and%20something.domain.com%20names...%20will%20this%20even%20work%3F%20Will%20ADFS%20respond%20as%20both%20fs.domain.com%20and%20something.domain.com%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere's%20a%20long%20winded%20reason%20why%20I'm%20asking%2C%20but%26nbsp%3Bit's%20fairly%20irrelevant%20here.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUpgrading%20ADFS%20is%20certainly%20an%20option%2C%20if%20there%20are%20features%20in%20newer%20versions.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-274493%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAuthentication%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-277549%22%20slang%3D%22en-US%22%3ERe%3A%20Multiple%20hostname%20support%20in%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-277549%22%20slang%3D%22en-US%22%3E%3CP%3EThat%20was%20my%20thinking%2C%20but%20I%20wanted%20to%20bounce%20the%20thought%20around%20before%20I%20went%20another%20route.%20Thanks%20for%20your%20input!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-276526%22%20slang%3D%22en-US%22%3ERe%3A%20Multiple%20hostname%20support%20in%20ADFS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-276526%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20will%20not%20work%20most%20of%20the%20time.%20Redirects%20to%20IdP%20happen%20from%20SP.%20CNAME%20might%20work%20but%20ADFS%20is%20unaware%20itself%20of%20%22secondary%22%20name.%20and%20SSL%20bind%20will%20be%20funky%20(strict%20check%20for%20HTTPS%20hostname%20binding)%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Philip Erb
New Contributor

Is there any way to have ADFS work on multiple hostnames?

 

For instance, our ADFS 3 (on Server 2012 R2) is currently configured as fs.domain.com. If we create a CNAME to point something.domain.com to fs.domain.com and then try to browse to https://something.domain.com/adfs/ls/, I get the following results:

- Chrome:  ERR_CONNECTION_RESET
- Firefox:  Secure Connection Failed

 

Before I go the route of creating a new SSL certificate with both the fs.domain.com and something.domain.com names... will this even work? Will ADFS respond as both fs.domain.com and something.domain.com?

 

There's a long winded reason why I'm asking, but it's fairly irrelevant here.

 

Upgrading ADFS is certainly an option, if there are features in newer versions.

2 Replies

It will not work most of the time. Redirects to IdP happen from SP. CNAME might work but ADFS is unaware itself of "secondary" name. and SSL bind will be funky (strict check for HTTPS hostname binding)

That was my thinking, but I wanted to bounce the thought around before I went another route. Thanks for your input!

Related Conversations
flashing a white screen while open new tab
cntvertex in Discussions on
13 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
22 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies
PacketMon Components are not loading in WAC 1909
HotCakeX in Windows Admin Center on
2 Replies