Since the AD FS 2.0 RC, AD FS team “got feedback that the experience of setting up AD FS proxy server and making it work with AD FS Federation Service is cumbersome, as it involves multiple steps across both AD FS proxy and AD FS Federation Service machines”. In AD FS 2.0 RC, after IT admin installs AD FS 2 proxy server on proxy machine, she runs proxy configuration wizard (PCW) and needs to: Select or generate a certificate as identity of the AD FS 2 proxy server; Add certificate to AD FS Federation Service trusted proxy certificates list; Outside of AD FS management console, make sure certificate’s CA is trusted by AD FS Federation Service machines. Such above steps are needed to set up a level of trust between AD FS proxy server and AD FS Federation Service. AD FS proxy server might live in DMZ and provides one layer of insulation from outside attack. AD FS administrator need to keep track of proxy identity certificate life time and proactively renew it to make sure it doesn’t expire & disrupt its service. There’re several pain points around AD FS proxy setup & maintaining experience for AD FS 2 RC version: Setting up proxy involves touching multiple machines (both proxy and Federation Service machines); Maintaining AD FS proxy working state involves manual attention and steps.
Get Latest News
Subscribe to Digital News Hub
Get our daily newsletter about the latest news in the industry.