ADFS 3: Adding Multiple Domains

pn_07 6 Reputation points

Currently we have ADFS running on Server 2012 R2 ... with DNS as
Now we have a requirement to add a second domain/DNS to our existing ADFS federation for one application.

For example:
App 1 :

App 2 :

Please let me know how to achieve this.


1 answer

  1. Pierre Audonnet - MSFT 10,151 Reputation points Microsoft Employee

    So in theory yes, we can set up something that does the trick from a DNS perspective. But there are a lot of caveats...

    - You will need to make sure that you have the proper DNS record in . An A record pointing to the same IP as the ADFS A record in .
    - You will need to ensure that the TLS certificate (aka Service Communication Certificate) has the proper Subject Alternative Name to reference either * or on top of the existing ones.
    - You will need to add the SPN HOST/ to the ADFS service account in AD.
    - You will need to make sure that the URL is trusted in your browser to do Windows Integrated Authentication (else no single sign-on).
    - On the ADFS server, you will need to configure the new SNI binding like:

    ```
    netsh http add sslcert hostnameport=<new ADFS hostname>:443 certhash=<the thumbprint of your TLS cert> appid={5d89a20c-beab-4389-9447-324788eb944a} certstorename=MY
    ```

    Now, that's the theory, because in practice this will not work all the time and is not officially tested. In other words, that's an unsupported configuration. The metadata of the ADFS farm will also not contain those URI/URLs either, and this will likely not work through a WAP. Better to work through those "restrictions" IMO.
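The checklist in the answer above (DNS record, certificate SAN, HOST SPN, SNI binding) can be verified on the ADFS server before anything is changed. The following PowerShell pre-flight script is an added example, not code from the thread or from Microsoft; `$PrimaryName`, `$NewName` and `$ServiceAccount` are placeholders you replace with your own values, and it assumes it runs elevated on a Server 2012 R2 ADFS node with the ADFS module available.

```powershell
# Added example: pre-flight checks for the prerequisites listed in the answer.
# Placeholders: replace the three values below with your own environment's.
param(
    [string]$PrimaryName    = 'adfs.example.com',   # existing federation FQDN (placeholder)
    [string]$NewName        = 'adfs.example.net',   # additional FQDN to publish (placeholder)
    [string]$ServiceAccount = 'CONTOSO\svc_adfs'    # ADFS service account (placeholder)
)
$results = @()

# 1. DNS: the new name must resolve to the same address(es) as the existing ADFS A record.
$primaryIp = (Resolve-DnsName $PrimaryName -Type A -ErrorAction SilentlyContinue).IPAddress
$newIp     = (Resolve-DnsName $NewName     -Type A -ErrorAction SilentlyContinue).IPAddress
$dnsOk = $primaryIp -and $newIp -and (-not (Compare-Object $primaryIp $newIp))
$results += [pscustomobject]@{ Check = 'DNS A record matches existing ADFS IP'; Pass = [bool]$dnsOk }

# 2. TLS: the bound service communication certificate must list the new name in its SAN,
#    or carry a wildcard for exactly the new name's parent domain (single-label match only).
$thumb = (Get-AdfsSslCertificate | Select-Object -First 1).CertificateHash
$cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
$parentDomain = $NewName.Substring($NewName.IndexOf('.'))          # e.g. ".example.net"
$sanOk = @($cert.DnsNameList.Unicode | Where-Object {
    $_ -eq $NewName -or ($_.StartsWith('*.') -and $_.Substring(1) -eq $parentDomain)
}).Count -gt 0
$results += [pscustomobject]@{ Check = 'Certificate SAN covers new name'; Pass = [bool]$sanOk }

# 3. Kerberos: HOST/<new name> must be registered on the ADFS service account,
#    otherwise Windows Integrated Authentication falls back to prompts or fails.
$spns  = setspn -L $ServiceAccount 2>&1
$spnOk = ($spns -match "HOST/$([regex]::Escape($NewName))").Count -gt 0
$results += [pscustomobject]@{ Check = 'HOST SPN registered on service account'; Pass = [bool]$spnOk }

# 4. HTTP.sys: an SNI sslcert binding for <new name>:443 must exist (the netsh step in the answer).
$bindings  = netsh http show sslcert
$bindingOk = ($bindings -match "$([regex]::Escape($NewName)):443").Count -gt 0
$results += [pscustomobject]@{ Check = 'SNI binding present in HTTP.sys'; Pass = [bool]$bindingOk }

# Browser zone trust (step 4 in the answer) is a client-side setting and is not checked here.
$results | Format-Table -AutoSize
```

Any row reporting `False` points at the step in the answer that still has to be completed; as the answer notes, even with all checks passing the farm metadata and a WAP will not know about the second name.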