ADFS Server not responding on federation service name (DNS is working)

Richard McLaughlin 1 Reputation point
2022-03-29T08:46:48.93+00:00

We are trying to set up ADFS to test an issue with clients' SSO for our application (SP-initiated SAML 2.0).

We have set up a small internal network of 1x DC and 1x ADFS server on a local vnet and installed the role without issue. DNS has been configured using the federation service name and pings resolve the correct IP.

All firewall ports are open but the metadata file can only be viewed on the ADFS machine using http://Localhost ....

If we add it to the hosts file then it works locally but cannot be browsed from any machine on the vnet (we just get a 404 error).

Other useful information: we are using a wildcard SSL cert.

Any help or guidance would be greatly appreciated.


1 answer

  1. Pierre Audonnet - MSFT 10,171 Reputation points Microsoft Employee
    2022-03-29T20:24:31.91+00:00

    Since I cannot repro, I would need traces or logs of some sort to investigate further...

    AD FS uses the SNI extension of TLS, so it is critical that the name that shows in the output of Get-ADFSProperties matches what the user-agent is using (what the user typed in the browser).
    Maybe the user's browser has a proxy configured? Or other network conditions (or other browser settings).

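The check the answer describes, as an added example that is not part of the original thread and not Microsoft's own guidance: on the AD FS server, compare the federation service name from Get-AdfsProperties with the SNI bindings AD FS registered in HTTP.sys, then request the metadata by that name so the TLS ClientHello carries it in SNI, and inspect the certificate that comes back. The `sts.contoso.com` name in the comments is a placeholder; the script reads the real name from the server.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session on
# the AD FS server. The only assumption is that the AD FS role is installed and
# the ADFS module is available, which is the situation described in the question.

# The name a remote browser must use; HTTP.sys only routes a TLS connection to
# AD FS when the SNI server_name in the ClientHello matches this binding.
$fsName = (Get-AdfsProperties).HostName
"Federation service name: $fsName"

# 1. Bindings AD FS owns (443, and 49443 for certificate auth). In addition to
#    the service name, AD FS also registers 'localhost' and, on 2016+,
#    'certauth.<service name>'. There must be a port 443 entry for $fsName.
$bindings = Get-AdfsSslCertificate
$bindings | Format-Table HostName, PortNumber, CertificateHash -AutoSize

$svcBinding = $bindings | Where-Object { $_.HostName -eq $fsName -and $_.PortNumber -eq 443 }
if (-not $svcBinding) {
    Write-Warning "No port 443 SNI binding for '$fsName'. Re-bind with:"
    Write-Warning "  Set-AdfsSslCertificate -Thumbprint <thumbprint of the wildcard cert>"
}

# 2. The same bindings as HTTP.sys sees them ('Hostname:port' lines are the SNI
#    bindings; an 'IP:port' 0.0.0.0:443 binding would be a non-SNI catch-all).
netsh http show sslcert | Select-String 'Hostname:port|IP:port'

# 3. Request the metadata the way a remote client does: by the service name, so
#    $fsName is sent as SNI. On another VM a hosts-file entry pointing $fsName at
#    the AD FS server is enough to reproduce this without changing DNS.
$metaUrl = "https://$fsName/FederationMetadata/2007-06/FederationMetadata.xml"
try {
    $r = Invoke-WebRequest -Uri $metaUrl -UseBasicParsing
    "HTTP $($r.StatusCode): $($r.Content.Length) bytes of federation metadata"
} catch {
    Write-Warning "Metadata request to $metaUrl failed: $($_.Exception.Message)"
}

# 4. Show which certificate is presented for that SNI name. A wildcard cert
#    (*.contoso.com) covers sts.contoso.com but not a name with an extra label
#    such as sts.corp.contoso.com, so the DNS name list must contain a match.
$tcp = New-Object System.Net.Sockets.TcpClient($fsName, 443)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
$ssl.AuthenticateAsClient($fsName)        # $fsName goes out as the SNI server_name
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
"Presented certificate: $($cert.Subject)"
"DNS names on it      : $($cert.DnsNameList.Unicode -join ', ')"
$ssl.Dispose(); $tcp.Dispose()
```

If step 3 succeeds from the server but the same URL returns 404 from another machine, step 4 run from that machine (it needs only .NET, not the ADFS module) shows whether the remote side is presenting the same name in SNI; anything that rewrites the Host or SNI value, such as the proxy the answer mentions, will produce a different certificate or a failed handshake here.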