Does ADFS 2019 support BIG-IP F5, and ADFS 2019 DB requirements

Anil Rana 41 Reputation points
2020-04-24T05:32:36.887+00:00

Does ADFS 2019 support BIG-IP F5? Also, I am unable to find anything on the SQL DB requirements for ADFS 2019. Can you also confirm whether ADFS supports NetScaler?

Thanks,
Anil


Accepted answer
  1. Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
    2020-04-24T13:51:26.413+00:00

    It depends what the F5 or NetScaler will do.

    You can use any load balancer in front of the ADFS servers or WAP servers, as long as:

    • they support SNI for inbound connections
    • they support SNI for the health probes (else you'll have to configure some custom bindings)
    • they don't break the SSL tunnel between the WAP servers and ADFS servers
    • they don't break the SSL tunnel between the client and the ADFS farm if you use certificate-based authentication
    • they are capable of showing the real IP of the client to the WAP servers and ADFS servers (else it will only show the IP of the load balancer in the logs).

    Now, if you plan to use F5 or NetScaler as a replacement for WAP (ADFS Proxy), then we have guidance. A third-party ADFS Proxy can be supported as long as it sticks to the following specification: MS-ADFSPIP: Active Directory Federation Services and Proxy Integration Protocol. As of today, only Big F5 did the work and can be a full replacement of WAP (with no loss of security or features). AFAIK, NetScaler did not.

    2 people found this answer helpful.
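
A way to check the SNI and TLS pass-through conditions from the accepted answer against a deployed load balancer, as an added example that is not part of the thread or of Microsoft's guidance. The service name and the VIP and node addresses are constructed placeholders, and `probe` and `assess` are hypothetical helper names.

```python
import hashlib
import socket
import ssl

def probe(addr, sni, port=443, timeout=5.0):
    """TLS handshake to addr. sni=None omits the SNI extension.
    Returns the SHA-256 of the presented certificate, or None on failure."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # diagnostic only: fingerprints are compared,
    ctx.verify_mode = ssl.CERT_NONE  # the chain is deliberately not validated
    try:
        with socket.create_connection((addr, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                der = tls.getpeercert(binary_form=True)
                return hashlib.sha256(der).hexdigest() if der else None
    except OSError:                  # covers ssl.SSLError, refusals and timeouts
        return None

def assess(vip_sni, vip_nosni, node_sni):
    """Map three probe results onto the load balancer conditions in the answer.
    vip_* are fingerprints seen through the load balancer, node_sni directly."""
    findings = []
    if node_sni is None:
        findings.append("node: handshake with SNI failed, nothing to compare against")
    if vip_sni is None:
        findings.append("vip: handshake with SNI failed, inbound SNI is not handled")
    elif node_sni is not None and vip_sni != node_sni:
        findings.append("vip: certificate differs from the node, TLS is terminated "
                        "at the load balancer")
    if vip_sni is not None and vip_nosni is None:
        findings.append("vip: handshake without SNI failed, health probes must "
                        "send SNI or the servers need custom bindings")
    return findings

if __name__ == "__main__":
    # Constructed placeholders: federation service name, load balancer VIP, one node.
    NAME, VIP, NODE = "sts.example.com", "192.0.2.10", "192.0.2.21"
    results = assess(probe(VIP, NAME), probe(VIP, None), probe(NODE, NAME))
    for line in results or ["no findings"]:
        print(line)
```

A matching fingerprint does not prove pass-through: a load balancer holding the same certificate and key re-encrypts with an identical fingerprint, so confirm the mode in its configuration as well.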

2 additional answers

  1. Leon Laude 85,701 Reputation points
    2020-04-24T12:03:31.933+00:00

    Hi,

    As both F5 and Citrix (NetScaler) are third party vendors, you should check with them if they support ADFS 2019 or not.

    F5 forum
    https://devcentral.f5.com/s/

    As far as I know ADFS does support NetScaler, but better ask Citrix if they support the latest version of ADFS 2019.

    Citrix forum
    https://discussions.citrix.com/

    Best regards,
    Leon


  2. Anil Rana 41 Reputation points
    2020-04-27T08:30:52.577+00:00

    Thanks all for your responses. Could you also confirm whether, when upgrading from ADFS server 2012 to 2019 via Add to farm with a SQL DB, in addition to the Service communication certificate, I also have to export the token signing, claims provider trust and encryption certificates over to the new 2019 servers?

    Thanks,
    Anil
