AthulyaPillai-7025 asked piaudonn commented

Can we access ADFS sign in url with IP address?

Hello Team,
I am able to access ADFS sign in url with FQDN https://<server-FQDN>/adfs/ls/IdpInitiatedSignon.aspx

However, I am not able to access the ADFS sign in url with IP address https://<server-IPAddress>/adfs/ls/IdpInitiatedSignon.aspx

Is it possible to use with IP address? If yes, please help me to access the adfs url with IP address

adfs

1 Answer

piaudonn answered piaudonn commented

The real question is should you? :)

The ADFS server doesn't listen on the <IP>:443. It uses the SNI extension of TLS and needs the connection to be established with the FQDN.
In theory you could add an HTTPS listener for <IP>:443 using NETSH. But then you would also add the IP address as a Subject Alternative Name in your certificate extension. And that's frowned upon as the IP address could change (so not easy to maintain a certificate) and could be spoofed (although a name could also be spoofed). You could also add a default listener for HTTPS with NETSH.

So although possible, I would not advise to do so. Why are you looking at this? Is that for monitoring? If so, let us know what you use for that because most of the load balancer health probing mechanisms do support SNI nowadays.


Thank you for the response.
I would like to know the steps to add the IP Address as SAN

piaudonn AthulyaPillai-7025 ·

It depends, are you using a Windows Server as a Certification Authority? Or a third party for certificates?
