ADFS PROXY TRUST NOT WORKING

Hi experts, we are in a deployment of ADFS load balancing, so we will replace WAP using BIG-IP.

We've configured it using the ADFS iApp; however, when we try to enter the username and password to establish trust, there is an error that says it can't connect to ADFS.

Not sure if this has something to do with the FW or ADFS config, but when we look at the pcap, the 3WHS is complete, but after the BIG-IP sends the Client Hello, the ADFS server sends an RST packet.

Would you guys know what the issue is, or have you encountered this before?

We will continue our troubleshooting tomorrow and will try to allow all traffic from the F5 to ADFS, and configure only 1 pool member (the ADFS server) as part of isolation.

Thanks.

0
Comments on this Question
Comment made 5 months ago by Chris Zhang

I ran into the same issue, and the problem is that the SSL Client Hello sent by the BIG-IP must include Server Name Indication as an extension. To do this, create a server SSL profile and populate the 'Server Name' option.

1
Comment made 1 month ago by F5beginner 55

Hello,

Did you solve this problem? If yes, please share with me; I have the same issue.

Thank you

0
Comment made 1 month ago by Nathaneil0227 410

You need to carefully check the SNI and the server name of the AD server.

0
Comment made 1 month ago by F5beginner 55

Hi Nathaneil0227,

I have already checked the ADFS server, but I do not know what the SNI should be. Should it be the FQDN of ADFS?

Thank you

0
Comment made 1 month ago by Nathaneil0227 410

Hi, in the wizard configuration of ADFS, there is a part where you input the AD FQDN that the BIG-IP will establish ADFS trust with. That is the item that you need to check carefully.

0

Answers to this Question