question

hurryhao avatar image
0 Votes"
hurryhao asked piaudonn answered

adfs web proxy

Excuse me, if I want adfs external public network service, do I have to enable the web proxy?

If you don't use a web proxy, will it be impossible to provide services to the public network?

Is there a security risk suggesting the use of a web proxy, or is it officially restricted by Microsoft. If you want to provide services to the public network, you must use a web proxy?

adfs
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

piaudonn avatar image
0 Votes"
piaudonn answered

You should use a Web Application Proxy (or a supported replacement) if you want to expose your ADFS service externally.

You don't have to (froma technical standpoing) BUT you really should. If you don't some security options will not work (such as account lockout protection) and other things will not work well (like authentication policies - ADFS will always think that users are connected internally thus will apply the wrong authentication policy).

If you don't want to expose the ADFS service externaly because you have no use case for external users to connect to the apps federated with ADFS, then you don't have to do anything.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.