Does ADFS 2019 support BIG-IP F5? Also, I am unable to find anything on SQL DB requirements on ADFS 2019. Can you also confirm if ADFS supports NetScaler?
It depends what the F5 or NetScaler will do.
You can use any load balancer in front of the ADFS servers or WAP servers, as long as:
- they support SNI for inbound connections
- they support SNI for the health probes (else you'll have to configure some custom bindings)
- they don't break the SSL tunnel between the WAP servers and ADFS servers
- they don't break the SSL tunnel between the client and the ADFS farm if you use certificate-based authentication
- they are capable of showing the real IP of the client to the WAP servers and ADFS servers (else it will only show the IP of the load balancer in the logs).
Now, if you plan to use F5 or NetScaler as a replacement for WAP (ADFS Proxy), then we have guidance. A third-party ADFS Proxy can be supported as long as it sticks to the following specification: MS-ADFSPIP: Active Directory Federation Services and Proxy Integration Protocol. As of today, only Big F5 did the work and can be a full replacement of WAP (with no loss of security or features). AFAIK, NetScaler did not.
As both F5 and Citrix (NetScaler) are third party vendors, you should check with them if they support ADFS 2019 or not.
As far as I know ADFS does support NetScaler, but better ask Citrix if they support the latest version of ADFS 2019.
Thanks all for your response. Could you also confirm: when upgrading from ADFS Server 2012 to 2019 via Add to farm with a SQL DB, in addition to the Service communication certificate, do I also have to export the token signing, claims provider trust certificate and the encryption certificate over to the new 2019 servers?