ADFS WAP servers failed to establish trust with ADFS 2019 servers using internal vip

Question

Hello guys,We are in ADFS 2019 environnment.I have 2 ADFS servers internally and 2 WAP servers in DMZ.I have 1 vs(ssl bridging on F5 DMZ) to loadblalance WAP servers for external usersand another vs (ssl bridging on internal F5) to loadblalance ADFS servers for internal users.The WAPs goes through the internal vip which load balanced internal ADFS servers.The problem seems to be with the Trust with the Primary ADFS servers (using powershell command line "Install-WebApplicationProxy).The WAP servers are not able to reestablish trust.But the trust work when WAP servers point directly to internal ADFS serverPlease advise how can i fix this.Thanks,

michael_saleem · Accepted Answer

Is it possible to try the following:VS #1 (traffic between external users and WAP servers) - Configure SSL bridgingVS #2 (traffic between WAP servers and ADFS servers) - Configure SSL pass-throughI believe the reason for the trust failing is due to there being SSL client authentication between the WAP servers and ADFS servers. So therefore on VS #2, you can only have SSL pass-through, otherwise it will break this client authentication.

raydakis · Answer

Hello Michael,&nbsp;I'll try It.Many thanks,&nbsp;&nbsp;

Forum Discussion

ADFS WAP servers failed to establish trust with ADFS 2019 servers using internal vip

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

2 internal server vlans

After applied ASM Policy to Virtual Server, connections will reset with Internal error in log

Use BIG-IP LTM Virtual Server & iRule for an internal "What's My IP" website

Re: Using Terraform and Volterra to establish secure connectivity between clouds

Create isolated environment for internal and external networks