ADFS Proxy Replacement on F5 BIG-IP
BIG-IP Access Policy Manager can now replace the need for Web Application Proxy servers providing security for your modern AD FS deployment with MS-ADFSPIP support released in BIG-IP v13.1. This arti...
Published Mar 13, 2018
Version 1.0
Graham_Alderso1
Employee
EmployeeGraham_Alderso1Employee
Employee
CEMIT2
Nimbostratus
NimbostratusHi Graham, We fixed it. It seems you cannot build ADFS proxy trust from a Standby node.
There was not any information in the logs or deployment documentation that indicated the trust must be built on the active node. No traffic apart from the health checks were triggered from the Standby Node. This is why I had asked the question specifically, if building trust would be impacted from Standby.
It would be fair to say many businesses work in the way of applying changes to a Standby Node, and making that node active, then syncing on success or returning back to Standby in failure.
If you could add specific errors for this scenario, or add this requirement to the documentation, I think this would resolve plenty of other client's issues.