Hi, I'm new to Claims Based Authentication and come from a SysAdmin background. Looking at providing ADFS 2 as an IdP to provide Single Sign On services to a 3rd party cloud app which supports SAML 2. My question:
I will purchase a 3rd party certificate for the Service Communications Certificate and install it on the Federation Server. This needs to be accessed by the Service Provider, therefore my ADFS installation by this logic needs to be exposed to the internet. Correct? I think so. This is one reason to use a Federation Proxy in my classic DMZ, as it would have the same cert (only internal users are allowed to access the 3rd party app for the moment).
Cheers
Jim