ADFS endpoint configurations

Devandran 31 Reputation points
2021-11-30T07:33:56.797+00:00

Hi Team,

I would like to check, there is ADFS server being setup in our development environment for testing purpose.

currently the endpoint is being used as https://serverhostname.testdomain.com/adfs/ls

There is a requirements from development team that the URL should be visible as https://adfs.testdomain.com/adfs/ls

Where should i make the changes so the ADFS url is accesible using as https://adfs.testdomain.com/adfs/ls

Please advise. TQ.

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,169 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Pierre Audonnet - MSFT 10,151 Reputation points Microsoft Employee
    2021-11-30T13:54:46.64+00:00

    AD FS is leveraging SNI from TLS. The hostname used to established the TLS tunnel has to match the ADFS farm name that you can see in the administrative console and in the output of Get-ADFSProperties (it is the name you pick at the installation).

    To have the server listen on another hostname, you need to add that name to the HTTP bindings. You can use the following command on the ADFS server:

    netsh http add sslcert ipport=adfs.testdomain.com:443 certhash=<hash of the TLS cert> appid={5d89a20c-beab-4389-9447-324788eb944a}
    

    You need to replace <hash of the TLS cert> with the actual hash.
    {5d89a20c-beab-4389-9447-324788eb944a} is the App Id of ADFS.

    If you are also using a WAP, the following command can be ran on the WAP:

    netsh http add sslcert ipport=adfs.testdomain.com:443 certhash=<hash of the TLS cert> appid={f955c070-e044-456c-ac00-e9e4275b3f04}
    

    {f955c070-e044-456c-ac00-e9e4275b3f04} is the APp Id of WAP.

    0 comments No comments

  2. Limitless Technology 39,201 Reputation points
    2021-12-01T09:47:47.197+00:00

    Hi there,

    Open the ADFS Management application, on the right, is the "Edit Federation Service Properties" and change the Federation service name and identifier with the new domain name. In your case, it will be https://adfs.testdomain.com/adfs/ls. Update the ADFS certificate that it uses.

    You can use this article to get the detailed steps behind the process https://social.technet.microsoft.com/wiki/contents/articles/37530.adfs-how-to-change-the-adfs-server-fqdn-from-one-domain-to-another.aspx

    AD FS user sign-in customization
    https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-user-sign-in-customization

    -------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments