0 Votes
JamesEscober-4796 asked ·

ADFS Dedicated Server

Can an ADFS server be installed on a machine with other server roles installed or non-MS application services? Or should it be dedicated to ADFS only? I'm trying to look for an article or documentation that will support this scenario but could not find any. Thanks.

adfs

1 Answer

1 Vote
piaudonn answered ·

Yes, you can.

It creates some challenges. The main two are the following:

  • Delegation: It is hard to delegate the management of only one service on a server having multiple services. The local administrator of that mutualized server will have full control over all the installed services. Also, ADFS is often considered a very sensitive service (tier-0): the administrator of ADFS can impersonate whoever she or he wants against any of the relying party trusts. That sometimes pushes customers to have a dedicated server.

  • Port conflicts: The ADFS service needs to bind to TCP ports 80 (if you use WID), 443, and 49443 (if you use device authentication without ADFS 2016 or above). If the other service needs those ports, you won't be able to make them live together (although you can configure alternate ports to some extent on ADFS, it complexifies the solution).


Did that help?

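A pre-install check for the port conflicts described in the answer, as an added example that is not part of the original thread: it reports which of the three TCP ports named there already have a listener on the candidate server and which process owns it. The function name `Get-AdfsPortConflict` and the output shape are assumptions made for this illustration; the port list and its conditions are taken from the answer.

```powershell
# Ports and their conditions as stated in the answer above.
$AdfsPorts = @(
    [pscustomobject]@{ Port = 80;    Use = 'HTTP (if you use WID)' }
    [pscustomobject]@{ Port = 443;   Use = 'HTTPS' }
    [pscustomobject]@{ Port = 49443; Use = 'device authentication' }
)

# Hypothetical helper: one output row per port and owning process.
function Get-AdfsPortConflict {
    [CmdletBinding()]
    param([object[]]$PortList = $AdfsPorts)

    foreach ($entry in $PortList) {
        # Get-NetTCPConnection raises an error when nothing matches, so silence it.
        $listeners = Get-NetTCPConnection -State Listen -LocalPort $entry.Port `
                         -ErrorAction SilentlyContinue |
                     Sort-Object -Property OwningProcess -Unique

        if (-not $listeners) {
            [pscustomobject]@{ Port = $entry.Port; Use = $entry.Use
                               Status = 'free'; Owner = $null; ProcessId = $null }
            continue
        }

        foreach ($l in $listeners) {
            $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port      = $entry.Port
                Use       = $entry.Use
                Status    = 'in use'
                Owner     = $(if ($proc) { $proc.ProcessName } else { 'unknown' })
                ProcessId = $l.OwningProcess
            }
        }
    }
}

$report = Get-AdfsPortConflict
$report | Format-Table -AutoSize

# PID 4 (System) means the HTTP.sys kernel driver holds the port on behalf of
# a user-mode service such as IIS. List its request queues and TLS bindings
# to identify which service that is.
if ($report | Where-Object { $_.ProcessId -eq 4 }) {
    netsh http show servicestate
    netsh http show sslcert
}
```

Run it in an elevated PowerShell session on the server before adding the ADFS role; any row with `Status` of `in use` is a service that would have to move or share the port.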