
How can ADFS communicate with a workgroup server on external network

vdayananda
Occasional Visitor

I ask this question with least knowledge of SSO with ADFS, so pardon my mistakes. We have a situation where we need help, and any reply would be of help.

 

Currently our customers have the facility to access our application using SSO via PingFederate and http. However, customers are now planning to move to ADFS and connect via https to our application. 

 

The problem is that our servers, where the application is hosted, are not exposed to the internet and are workgroup servers (not on any domain). The servers sit behind our enterprise firewalls.

 

The current setup is such that the authenticated PingFederate request is mapped to IP (NAT) at the customer's end and the request is sent via the firewalls which understand the NATing to route the request to our servers. However, customers say that their ADFS generates tokens only with FQDN and they do not want to convert the request to an IP-based request. I would like to know what options we have to receive the FQDN token requests generated at the customer's ADFS on our machines.

 

1. Customers can convert it to IP-based and send it through the firewall, similar to the PingFederate method.

2. We move our servers from workgroup into our company domain and issue SSL certificates with a domain name. 

I would like to know if there is any other option that we can employ to solve this.

FYI - Our servers are using IBM WAS (not IIS or webserver).

 

Cheers

 

 

 
