I am new to ADFS implementation and am now trying to do a POC to check how ADFS works.

I have created an AWS EC2 instance and installed AD DS with

Root Domain: branch.tree

After the domain changes were implemented on EC2, the target server name changed to something like the following:

adfs.branch.tree.com

After AD DS was successfully configured, I installed and configured ADFS 3.0 on the same instance with the details below:

Federation Service Name: adfs-sts.branch.tree.com

Now, do I need to create a subdomain for 'Branch' under the tree domain and configure it on a load balancer?

How can we make adfs-sts.branch.tree.com/adfs/ls/idpinitiatedsignon.htm available over the internet?

I tried to access the same URL with the public IP; it is accessible, but when I try with the FQDN it is not.

Kumar_diru

1 Answer

If it is accessible by IP but not by URL, the first thing you need to check is DNS resolution (`nslookup adfs-sts.branch.tree.com`) and make sure it matches up. If it does, start checking the DNS A and PTR records for bad entries.

Since you are hosting both pieces on AWS you may be using Route 53, so sharing your configuration there would be the next troubleshooting step.

lasleyd
  • I checked the DNS A and PTR records; both look good. I have configured an ELB and pointed the adfs-sts.branch.tree.com domain to it. Still no luck – Kumar_diru Apr 06 '19 at 07:38
  • Ah, you have an ELB in the mix as well. In that case, you'll need to create a CNAME for that ELB HTTPS listener: `CNAME >> ELB HTTPS Listener >> TCP ELB (Classic) >> ADFS` AWS is not as flexible as Azure for ADFS installs - keep in mind their go-to architecture is https://docs.aws.amazon.com/quickstart/latest/wap-adfs/architecture.html – lasleyd Apr 06 '19 at 22:47
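
As an added example (not part of the original question, answer or comments), the following PowerShell script walks through the checks the answer and the comment thread suggest from the Windows side: it resolves the federation service name both from the local (AD DS) resolver and from a public resolver so that a stale or missing record shows up as a mismatch between the two, prints any CNAME hop (the ELB alias described in the comment), confirms TCP/443 is reachable, and finally pulls the certificate presented for the FQDN to confirm it actually names the federation service. The FQDN and the public resolver address are assumptions taken from the question for illustration; adjust them to your environment.

```powershell
# Added example, not code from the original post. Assumed names:
$Fqdn      = 'adfs-sts.branch.tree.com'   # federation service name from the question
$PublicDns = '1.1.1.1'                    # any public recursive resolver

function Resolve-Chain {
    param([string]$Name, [string]$Server)
    # With -Type A, Resolve-DnsName returns CNAME records first when the name
    # is an alias (e.g. to an ELB), followed by the A records of the target.
    $params = @{ Name = $Name; Type = 'A'; ErrorAction = 'Stop' }
    if ($Server) { $params.Server = $Server }
    $label = if ($Server) { $Server } else { 'local' }
    try {
        $rr = Resolve-DnsName @params
        [pscustomobject]@{
            Resolver = $label
            CNAME    = (($rr | Where-Object Type -eq 'CNAME' | ForEach-Object NameHost) -join ' -> ')
            IPs      = (($rr | Where-Object Type -eq 'A' | ForEach-Object IPAddress) -join ', ')
            Error    = $null
        }
    } catch {
        [pscustomobject]@{ Resolver = $label; CNAME = $null; IPs = $null; Error = $_.Exception.Message }
    }
}

# 1. Does the name resolve, and do internal and public DNS agree?
$local  = Resolve-Chain -Name $Fqdn
$public = Resolve-Chain -Name $Fqdn -Server $PublicDns
$local, $public | Format-Table -AutoSize
if ($local.Error -or $public.Error) {
    Write-Warning "Resolution failed on at least one resolver; fix the A/CNAME record before anything else."
} elseif ($local.IPs -ne $public.IPs) {
    Write-Warning "Local and public resolvers disagree; check which zone each client actually queries."
}

# 2. Is TCP/443 open on whatever the name resolves to (a Classic ELB TCP
#    listener should pass this straight through to the ADFS server)?
$tcp = Test-NetConnection -ComputerName $Fqdn -Port 443 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) { Write-Warning "TCP/443 to $Fqdn failed (resolved $($tcp.RemoteAddress))" }

# 3. Which certificate is presented when we connect by FQDN (SNI = $Fqdn)?
#    Accepting any certificate here is deliberate: we want to inspect it, not trust it.
$client = New-Object System.Net.Sockets.TcpClient($Fqdn, 443)
$accept = ({ $true } -as [System.Net.Security.RemoteCertificateValidationCallback])
$ssl    = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
$ssl.AuthenticateAsClient($Fqdn)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Dispose(); $client.Dispose()

$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
$san    = if ($sanExt) { $sanExt.Format($true) } else { '' }
"Subject : $($cert.Subject)"
"Issuer  : $($cert.Issuer)"
"SANs    :`n$san"
if ($san -notmatch [regex]::Escape($Fqdn) -and $cert.Subject -notmatch [regex]::Escape($Fqdn)) {
    Write-Warning "Certificate presented for $Fqdn does not name it; browsers and ADFS clients will reject it."
}
```

Run it once from a domain-joined host (the "local" row then shows what AD-joined clients see) and once from a machine outside AWS (what internet users see). If the two IP columns differ, or the public resolver returns an error, the problem is the DNS record and not ADFS; if both resolve to the ELB but the certificate step fails or shows the ELB's own certificate, the listener chain from the comment (CNAME to the HTTPS/TCP listener, then to ADFS) is where to look next.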