We are converting an ASP.NET Web Application to Azure. The authentication process is handled using an LDAP call in the existing code, but we are planning for ADFS integration. The ADFS server is already exposing the claims to Microsoft Federation Gateway to be consumed by other applications.
- In Part 1 of Configuring Azure Application Gateway with AD FS we covered the existing AD FS architecture and the target AD FS architecture. Finally, we deployed an Application Gateway with a basic configuration. So let's have a look at the logical configuration of what AD FS with an Application Gateway running a Web Application Firewall will look like.
- The ability to open cloud-based resources which integrate with Azure Active Directory without having to sign on again has been the domain of ADFS up until this point. With the latest release of Azure AD Connect and Windows 10 1511 onwards, however, we can now achieve a similar experience.
Availability Sets
Some time ago I wrote up a post (located here) explaining how you can set up Traffic Manager with ADFS and have proper monitoring of the service. Today I will go over how to set up ADFS behind the Azure Application Gateway. This will enable you to protect your ADFS service and monitor it with the WAF provided by the Application Gateway.
Before we begin, one prerequisite, which I am still not sure is really needed, but I had problems and I believe this fixed it:
You need to set the default HTTPS binding. I believe this is required, as I am not sure if the health probe is truly SNI compliant; I might be wrong here, but it doesn't hurt to set this. To set it you simply need to run the following command on the WAP servers (just change the cert hash):
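The following PowerShell script is an added example, not the author's original command: it sets a default (IP:port, non-SNI) binding with `netsh` after checking that the certificate is usable. The thumbprint is a placeholder parameter, and the application ID default is an assumption to confirm against the existing entries shown by `netsh http show sslcert` on your WAP server.

```powershell
# Added example: set the default (IP:port, non-SNI) HTTPS binding on a WAP server.
param(
    [Parameter(Mandatory)][string]$Thumbprint,                  # placeholder: your certificate's thumbprint
    [string]$AppId  = '{5d89a20c-beab-4389-9447-324788eb944a}', # assumption: verify on your server
    [string]$IpPort = '0.0.0.0:443'
)

# Strip spaces and invisible characters that copy/paste from the certificate UI can add.
$hash = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpper()
if ($hash.Length -ne 40) { throw 'Expected a 40-hex-character SHA-1 thumbprint.' }

# The certificate must be in LocalMachine\My, have a private key and be in date.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $hash
if (-not $cert)               { throw "Certificate $hash not found in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate $hash has no private key." }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $hash is outside its validity period."
}

# Skip the change if this certificate is already bound to the default endpoint.
$current = (netsh http show sslcert "ipport=$IpPort") -join "`n"
if ($current -match $hash) {
    Write-Output "Default binding on $IpPort already uses $hash."
    return
}

# Add the binding; a failure here usually means another certificate is already bound.
netsh http add sslcert "ipport=$IpPort" "certhash=$hash" "appid=$AppId" certstorename=MY
if ($LASTEXITCODE -ne 0) {
    throw "netsh could not add the binding on $IpPort; review 'netsh http show sslcert'."
}
Write-Output "Default binding on $IpPort now uses $hash."
```

Run it from an elevated PowerShell session on each WAP server. A default binding presents this certificate to any client that connects without SNI, so use the same certificate as the federation service name.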
Azure Application Gateway Configuration
And that's it. This is not only a secure solution, but it will also give you proper monitoring of both the WAP and ADFS servers. It works great with load balancing between on-prem and Azure.