SukhwinderSingh-7853 asked lalajee commented

ADFS and Azure Application proxy

Hi All,

I have an ADFS setup in my lab environment, which is created on my laptop. I use a shared internet connection and do not have a fixed public IP address. The ADFS works as expected from within the virtual network in my lab. I would like to use ADFS from an external network also.

I already have a public Domain in place and also Azure tenant where this public domain is registered and verified. I was trying to use Azure App Proxy as a proxy for my internal ADFS server.

The App Proxy is created and the connector is installed on a lab server which has internet access via the host network connection.

I have also created a DNS record for my ADFS service name at my domain name provider, and it resolves from the internet. This DNS record points to the App Proxy name in Azure.

But it is still not working and fails at different stages.

I have 2 questions:

1. What is the suggestion to have the ADFS server in my lab accessible from the Internet? Even if I buy a public IP address, where do I use that?
2. Has anyone used Azure App Proxy with on-premise ADFS, and does that work?

Tags: adfs, azure-ad-application-proxy

@SukhwinderSingh-7853

Hi,

Were you able to get this working, as I'm trying to do the same? I don't have any public IP address or DMZ.

1 Answer

MarileeTurscak-MSFT answered

Azure AD Application Proxy is designed to work with Azure AD and doesn't fulfill the requirements to act as an AD FS proxy. See the FAQ.

For your scenario you could use a regular Web Application Proxy server that is open to the Internet on TCP port 443 and proxies traffic to the domain-joined ADFS server. Then you would edit the hosts file on the WAP server and enter the IP address of your ADFS server and your ADFS domain (i.e. 10.2.0.5 and adfs.mydomain.com), and you would configure a static IP for the WAP server.

Otherwise if you are using the Azure AD Application Proxy with Azure AD and have installed the Proxy Connector in your internal network, you need to allow ports 80 and 443 from the Connector out to the Internet.

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-deployment-plan

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/migrate-adfs-apps-to-azure
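The WAP setup described in the answer above, as an added example that is not part of the original answer: pin the AD FS name to the internal server in the hosts file, verify that the proxy host can actually reach it on 443, then register the WAP with the farm. The values 10.2.0.5 and adfs.mydomain.com are the ones quoted in the answer; the certificate thumbprint is an assumed placeholder you must replace.

```powershell
# Added example (not from the original answer). Run elevated on the WAP host.
# Assumed values: the IP and service name are those quoted in the answer; the
# thumbprint is a placeholder for a cert already in Cert:\LocalMachine\My.
$FederationServiceName = 'adfs.mydomain.com'
$AdfsInternalIp        = '10.2.0.5'
$CertThumbprint        = '<THUMBPRINT-OF-adfs.mydomain.com-CERTIFICATE>'
$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"

# 1. Pin the federation service name to the internal AD FS server on the WAP host.
#    Public DNS for this name points at the proxy itself, so without this entry the
#    proxy would try to forward traffic to its own address.
$escaped = [regex]::Escape($FederationServiceName)
if (-not (Select-String -Path $HostsPath -Pattern "\s$escaped(\s|$)" -Quiet)) {
    Add-Content -Path $HostsPath -Value "$AdfsInternalIp`t$FederationServiceName"
}
Clear-DnsClientCache

# 2. Confirm the pin took effect (GetHostAddresses honours the hosts file, unlike
#    Resolve-DnsName) and that TCP 443 to the internal AD FS server is reachable.
$resolved = ([System.Net.Dns]::GetHostAddresses($FederationServiceName) |
             Select-Object -First 1).IPAddressToString
if ($resolved -ne $AdfsInternalIp) {
    throw "$FederationServiceName resolves to $resolved, expected $AdfsInternalIp"
}
$probe = Test-NetConnection -ComputerName $FederationServiceName -Port 443
if (-not $probe.TcpTestSucceeded) {
    throw "TCP 443 to $FederationServiceName ($AdfsInternalIp) is not reachable from this host"
}

# 3. Install the WAP role and establish the proxy trust with the AD FS farm.
#    The credential is an AD FS administrator; the cert must match the service name.
Install-WindowsFeature Web-Application-Proxy -IncludeManagementTools
$cred = Get-Credential -Message 'AD FS administrator account for the proxy trust'
Install-WebApplicationProxy -FederationServiceName $FederationServiceName `
    -FederationServiceTrustCredential $cred `
    -CertificateThumbprint $CertThumbprint
```

Only TCP 443 needs to be open inbound from the Internet to the WAP host; everything else stays on the internal side.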
