ADFS and Azure Application proxy

Sukhwinder Singh 41 Reputation points
2021-03-16T09:19:14.2+00:00

Hi All,

I have an ADFS setup in my lab environment, which is created on my laptop. I use a shared internet connection and do not have a fixed public IP address. The ADFS works as expected from within the virtual network in my lab. I would like to use ADFS from an external network also.

I already have a public domain in place and also an Azure tenant where this public domain is registered and verified. I was trying to use Azure App Proxy as a proxy for my internal ADFS server.

The App Proxy is created and the connector is installed on a lab server which has internet access via the host network connection.

I have also created a DNS record for my ADFS service name at the domain name provider, and it is getting resolved from the internet. This DNS record is pointing to the App Proxy name in Azure.

But still it is not working and is failing at different stages.

I have 2 questions:

1. What is the suggestion for making the ADFS server in my lab accessible from the Internet? Even if I buy a public IP address, where would I use it?
2. Has anyone used Azure App Proxy with on-premise ADFS, and does that work?

Microsoft Entra

1 answer

  1. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2021-04-05T19:15:49.437+00:00

    Azure AD Application Proxy is designed to work with Azure AD and doesn’t fulfill the requirements to act as an AD FS proxy. See FAQ

    For your scenario you could use a regular Web Application Proxy server that is open to the Internet on TCP port 443 and proxies traffic to the domain-joined ADFS server. Then you would edit the hosts file on the WAP server and enter the IP address of your ADFS server and your ADFS domain (i.e. 10.2.0.5 and adfs.mydomain.com), and you would configure a static IP for the WAP server.

    Otherwise if you are using the Azure AD Application Proxy with Azure AD and have installed the Proxy Connector in your internal network, you need to allow ports 80 and 443 from the Connector out to the Internet.

    https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-deployment-plan

    https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/migrate-adfs-apps-to-azure

    1 person found this answer helpful.
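
As an added example (not part of the answer above, and not Microsoft's own script), here is a PowerShell pre-flight check that could be run on the WAP server for the setup the answer describes. The name and IP are the placeholder values from the answer, `Test-HostsEntry` is a hypothetical helper, and the federation metadata URL is the standard AD FS path, assumed to be enabled on the farm.

```powershell
# Added example: checks to run on the WAP server before configuring the proxy.
$AdfsName  = 'adfs.mydomain.com'   # placeholder federation service name from the answer
$AdfsIp    = '10.2.0.5'            # placeholder internal AD FS IP from the answer
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Test-HostsEntry {          # hypothetical helper, not a built-in cmdlet
    param([string]$Path, [string]$Name, [string]$Ip)
    foreach ($line in Get-Content -Path $Path) {
        # Drop comments, split on whitespace: first field is the IP, the rest are names.
        $fields = @(($line -replace '#.*$', '').Trim() -split '\s+' | Where-Object { $_ })
        if ($fields.Count -ge 2 -and $fields[0] -eq $Ip -and
            ($fields[1..($fields.Count - 1)] -contains $Name)) { return $true }
    }
    return $false
}

$results = [ordered]@{}
$results['hosts file maps name to AD FS IP'] = Test-HostsEntry $HostsPath $AdfsName $AdfsIp

# The Windows resolver consults the hosts file, so the name should yield the internal IP
# here even though public DNS points the same name at the WAP server.
try {
    $resolved = [System.Net.Dns]::GetHostAddresses($AdfsName) | ForEach-Object { $_.IPAddressToString }
    $results['name resolves to internal IP'] = $resolved -contains $AdfsIp
} catch {
    $results['name resolves to internal IP'] = $false
}

# TCP 443 from the WAP server to the AD FS server.
$tcp = Test-NetConnection -ComputerName $AdfsName -Port 443 -WarningAction SilentlyContinue
$results['TCP 443 reachable on AD FS'] = $tcp.TcpTestSucceeded

# An HTTPS request fails if the service certificate is untrusted or does not match the
# name, which would also break the proxy trust between WAP and AD FS.
try {
    $uri = "https://$AdfsName/FederationMetadata/2007-06/FederationMetadata.xml"
    $resp = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 15
    $results['TLS valid and metadata served'] = ($resp.StatusCode -eq 200)
} catch {
    $results['TLS valid and metadata served'] = $false
}

$results.GetEnumerator() | ForEach-Object { '{0,-36} {1}' -f $_.Key, $_.Value }
```

Any line reporting `False` points at the layer to fix first: name mapping, network path, or certificate trust.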