HSTS for ADFS Load Balancer

Question

I'm using BIGIP LTM as a load balancer for two ADFS servers as part of a hybrid Exchange deployment.&nbsp; I need to enable HSTS on the load balancer virtual server.&nbsp; Enabling HSTS requires an SSL profile, however the load balancer is currently configured as "Type: Performance (Layer 4)" which uses SSL pass-through and does not support SSL profiles.&nbsp; Is it possible to change the server type, enable an SSL profle, and enable HSTS without breaking my ADFS deployment?

daniel_wolf · Answer

Hi&nbsp;jwittenmyer,
even though the iApp for ADFS is deprecated, you can still follow the archived deployment guide. The config parameters and values described in&nbsp;Appendix A: Manual Configuration tables are still applicable.Your use case is described in the chapter named Configuring the BIG-IP LTM for load balancing AD FS or AD FS proxy servers: SSL Bridging.
From my memory - pay attention to the server name in the serverssl profile. ADFS requires SNI.
KRDaniel

ruby69 · Answer

Why is the header not always delivered indepentent of the entpoint? Basicly the URL adfs.domain.de delivers a webpage with status code 200.My Merrill

Forum Discussion

HSTS for ADFS Load Balancer

2 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

R4800 snmp issues.

Silent update AWS Marketplace F5 OWASP

F5-OWASP_Managed (rule_General_Protection_AllQueryArguments_Body)

Block ipv6

Upgrade Path for BIG-IP 2000 – Out of Warranty and EoRMA Status

Related Content

Big-IP and ADFS Part 1 – “Load balancing the ADFS Farm”

ADFS Proxy Replacement on F5 BIG-IP

HSTS is not working.

Big-IP and ADFS Part 5 – “Working with ADFS 3.0 and SNI”

Four Active/Active load balancing examples with F5 BIG-IP and Azure Load Balancer

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS