Forum Discussion
CirrostratusADFS PROXY TRUST NOT WORKING
Hi experts, We are in a deployment of ADFS Load Balancing. So we will replace wap using bigip.
We've configured it using iApps ADFS, however when we try to enter username and password to establish trust there is an error say's can't connect to ADFS.
Not sure if this has something to do with FW or ADFS config but when we try to look the pcap 3WHS is complete but after bigip sends Client Hello ADFS server sent rst packet.
Would you guys know what is the issue on this or have you encounter this before?
We will continue our tshooting tomorrow and will try to allow all traffic from f5 to adfs, and configure 1pool member(adfs server) only as part of isolation.
Thanks.
I ran into the same issue and the problem is that the SSL Client Hello sent by the BIG-IP must include Server Name Indication as an extension. To do this, create a server SSL profile and populate 'Server Name' option.
F5beginner_3849Nimbostratus
Hello,
did you solve this problem, if yes, please share with me, I have a same issue.
Thank you
NathYou need to check carefully the SNI and the server name of the AD Server.
- F5beginner_3849
Hi Nathaneil0227,
I have already checked ADFS Server, but I do not know, what should be the SNI? Should there be FQDN of ADFS ?
Thank you
- Nath
Hi on the wizard configuration of adfs, there is a part where you will input the ad fqdn that the bigip will establish adfs trust. That is the item that you need to check carefully.