I ask this question with least knowledge of SSO with ADFS, so pardon my mistakes. we have a situation where we need help and any reply would be of help.
Currently our customers have the facility to access our application using SSO via PingFederate and http. However, customers are now planning to move to ADFS and connect via https to our application.
The problem is that our servers, where the application is hosted are not exposed to internet and are workgroup servers (not on any domain). The servers sit behind our enterprise firewalls.
Current set up is such that, the authenticated PingFederate request is mapped to IP (NAT) at the customer's end and the request is sent via the firewalls which understand the NATing to route the request to our servers. However, customers say that their ADFS generates token only with FQDN and they do not want to covert the request to IP based request. I would like to know what options do we have to receive the FQDN token requests generated at customer's ADFS on our machines.
1. Customers can convert it to IP based and send it through firewall similar to the Pingfederate method.
2. We move our servers from workgroup into our company domain and issue SSL certificates with a domain name.
I would like to know, if there is any other option what we can employ to solve this.
FYI - Our servers are using IBM WAS (not IIS or webserver).