ADFS, ISA and SSL offloading
- From: Avis77 <Avis77@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 14 Jan 2009 14:27:01 -0800
I have an ADFS enabled web server configured behind ISA Server 2006. The web
agent is configured to communicate with a resource federation server which is
hosted elsewhere.
All communications work without issues for SSL, i.e. the client gets
authenticated with the account partner and gets access to the protected
resource on the web server.
Things go wrong when I change the configuration slightly, i.e. instead of SSL
traffic from ISA to the web server I offload SSL on ISA and make it plain
http. With this configuration, authentication with the account partner works
fine but the redirection from the resource federation server back to the web
site fails. ISA server log indicates that it is trying to resolve the web
site url with external ip of the web site configured in the web publishing
rule on ISA in combination with the internal web site port.
For example, if the external ip for the published web site is 10.32.181.1 on
port 80 and the internal ip for the web site is 172.20.1.1 on port 81, ISA
tries to resolve it as 10.32.181.1:81 and fails with the message
unidentified ip traffic : 81. Whereas, everything works fine if SSL
offloading is not performed.
Can someone help me in understanding what's happening and how to fix it? I
really want to offload SSL on the firewall and have only http requests
hitting the webserver.