We are implementing AD FS 4.0 with (server based, not APM) WAP, and would like to be able to see who is using the service by means of source IP address. Now, as stated by MS, the requirements are as follows:
AD FS is a stateless system. Hence, load balancing is fairly simple for logins. The following are key recommendations for load balancing systems.
The first thing that popped up in my mind was to insert the XFF header, but that would require SSL offloading, breaking the ADFSPIP trust relationship between WAP and AD FS, as per AD FS 4.0. So that means rules 2 and 3 are in contradiction with each other and therefore an impossible combination. (Tried it - not working, of course.)
Would using APM as WAP - instead of using servers - do any good? Or something else I overlooked?
There must be more people using this setup that stumbled on this same problem.