Channel: Claims based access platform (CBA), code-named Geneva forum

ADFS 3.0 - Setup WAP with SAML Endpoint


Hi All,

I am fairly new to ADFS and working on setting up ADFS for our website that uses it for a "SAML Assertion Consumer Endpoint" on a "Relying Party Trust" claim. Basically the "SAML Assertion Consumer Endpoint" has a Trusted URL set for a POST binding. There are also a few "Relying party identifiers" set on this SAML Endpoint as well. 

I have ADFS working from an internal perspective with our website and SSO. As long as the user is on our internal network...ADFS works just fine and SSO can be used on the website. If the user tries to access the website externally with no VPN....ADFS does not work (I know this is because the AD FS service name doesn't have an external DNS resolution and then the proper ports/paths setup even if it does resolve externally).

I am working on setting up a WAP to expose ADFS securely to the internet. I am a little confused on WAP and setting up the Published Application though. With the setup described above...what does the External/Internal URL have to be set to? Is it the "Trusted URL" setting on the SAML Endpoint?

In our environment, we try to funnel all incoming traffic to our front-end Reverse Proxy (IIS URL Re-write Module) servers and have those servers decide where to send the http traffic. Ideally...if I can...I would like to set up this traffic to go to the reverse proxies...be forwarded to the WAP server and then have the WAP server contact the ADFS server and authenticate the user.

All articles I can find on ADFS WAP are mostly with Office 365/SharePoint/etc...so trying to figure this out as best as I can. Any input would greatly be appreciated!

