I'm new to Active Directory Federation Services (ADFS) and I'm looking for guidance on setting up an ADFS farm that spans two different sites. Each site operates on separate networks and has its own DNS domain, although they share an Active Directory domain. There's a firewall separating the two sites, so while services like AD and DNS can replicate between them, client computers cannot.
I want to deploy ADFS servers at each site as part of a farm, but I don't need them to be load balanced—rather, I want them to serve their local site with centralized management. I've gone through some setup guides, but they don't seem to address my more complicated scenario. Can anyone offer basic steps for planning this, or suggest if I'm looking at it all wrong and should consider a different approach?
2 Answers
If you're new to ADFS, I strongly suggest seeking advice from a Managed Service Provider (MSP). ADFS is complicated, and without experience, it could become a tough challenge to manage.
That said, if you're going solo, just remember that documentation is your best friend. ADFS requires careful planning around trust relationships and claims rules, which can be tricky if your two sites need to operate independently but with central management.
It sounds like you're trying to enable ADFS to authenticate for an app that relies on ADFS tokens rather than direct AD authentication. Make sure you clearly define the authentication flow you need for your application, especially how it will handle local authentication.
Since you're dealing with site isolation, it might help to ensure that each ADFS setup at the sites can handle local requests while still enabling the app to recognize and utilize the ADFS setup across both sites. You might want to start by checking the ADFS design document from Microsoft for complex setups—it provides a good framework.