Can we access ADFS sign in url with IP address?

Athulya Pillai 46 Reputation points
2021-10-05T10:50:22.31+00:00

Hello Team,
I am able to access the ADFS sign-in URL with the FQDN: https://<server-FQDN>/adfs/ls/IdpInitiatedSignon.aspx

However, I am not able to access the ADFS sign-in URL with the IP address: https://<server-IPAddress>/adfs/ls/IdpInitiatedSignon.aspx

Is it possible to use it with an IP address? If yes, please help me to access the ADFS URL with the IP address.

Active Directory Federation Services

1 answer

  1. Pierre Audonnet - MSFT 10,171 Reputation points Microsoft Employee
    2021-10-06T01:06:49.463+00:00

    The real question is should you? :)

    The ADFS server doesn't listen on <IP>:443. It uses the SNI extension of TLS and needs the connection to be established with the FQDN.
    In theory you could add an HTTPS listener for <IP>:443 using NETSH. But then you would also add the IP address as a Subject Alternative Name in your certificate extension. And that's frowned upon, as the IP address could change (so it is not easy to maintain a certificate) and could be spoofed (although a name could also be spoofed). You could also add a default listener for HTTPS with NETSH.

    So although possible, I would not advise doing so. Why are you looking at this? Is that for monitoring? If so, let us know what you use for that, because most of the load balancer health probing mechanisms do support SNI nowadays.
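
The SNI-aware probing mentioned in the answer can be sketched as follows. This is an added example, not part of the original thread: it dials a specific node by IP while still sending the federation FQDN in SNI and validating the certificate against that name, so no IP listener or IP SAN is needed. The IP `192.0.2.10`, the name `sts.example.test`, and treating HTTP 200 as healthy are assumptions.

```python
import socket
import ssl

SIGNIN_PATH = "/adfs/ls/IdpInitiatedSignon.aspx"  # path from the question above


def build_request(fqdn: str, path: str = SIGNIN_PATH) -> bytes:
    """HTTP/1.1 request whose Host header matches the SNI name."""
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {fqdn}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def parse_status(response: bytes) -> int:
    """Return the status code from the first line of an HTTP response."""
    status_line = response.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1])


def probe(ip: str, fqdn: str, port: int = 443, timeout: float = 5.0):
    """Connect to `ip`, present `fqdn` in SNI, validate the cert for `fqdn`.

    Returns (healthy, detail). Healthy means HTTP 200 (an assumption).
    """
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            # server_hostname sets the SNI extension and the name checked
            # against the certificate, independent of the IP that was dialled.
            with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
                tls.sendall(build_request(fqdn))
                data = b""
                while b"\r\n" not in data:
                    chunk = tls.recv(4096)
                    if not chunk:
                        break
                    data += chunk
        status = parse_status(data)
        return status == 200, f"HTTP {status}"
    except (OSError, ValueError) as exc:  # ssl.SSLError is an OSError
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    # Constructed values: replace with the node IP and the federation FQDN.
    print(probe("192.0.2.10", "sts.example.test"))
```

A certificate mismatch or a missing SNI binding surfaces as a failed probe with the TLS error in `detail`, rather than being masked by disabling verification.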