I am new to ADFS and I want to use one but don't know what the architecture would look like.
For internal use, am I right to use this diagram?
What ports are needed to communicate between the ADFS and DC?
Do I need to use ADFS proxy for internal network use?
Do internal clients need the certificate of the ADFS server?
For external use (internet), would this be the right diagram?
Am I right to say that only port 443 is used between ADFS proxy and ADFS Server?
Should the ADFS proxy be the only one connected to the internet?
And should only traffic from port 443 be allowed to the ADFS proxy?
Do external users need a certificate from the ADFS proxy or the ADFS server?
Should the ADFS proxy be joined to the domain?
How to secure ADFS proxy since it is facing the internet?
I am planning only 1 ADFS server; is the ADFS farm a failover solution? Can I easily add a new ADFS server to an existing one to form a farm?
I have been searching the internet and there are tons of resources with so much information that it's hard to find an answer to my questions. I hope somebody could give clarity to my questions.