
HSTS for ADFS Load Balancer

jwittenmyer
Nimbostratus

I'm using BIGIP LTM as a load balancer for two ADFS servers as part of a hybrid Exchange deployment.  I need to enable HSTS on the load balancer virtual server.  Enabling HSTS requires an SSL profile, however the load balancer is currently configured as "Type: Performance (Layer 4)" which uses SSL pass-through and does not support SSL profiles.  Is it possible to change the server type, enable an SSL profile, and enable HSTS without breaking my ADFS deployment?

2 REPLIES

Hi @jwittenmyer,

even though the iApp for ADFS is deprecated, you can still follow the archived deployment guide. The config parameters and values described in Appendix A: Manual Configuration tables are still applicable.
Your use case is described in the chapter named Configuring the BIG-IP LTM for load balancing AD FS or AD FS proxy servers: SSL Bridging.

From my memory - pay attention to the server name in the serverssl profile. ADFS requires SNI.

KR
Daniel

Ruby69
Nimbostratus

Why is the header not always delivered independent of the endpoint? Basically the URL adfs.domain.de delivers a webpage with status code 200.
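
A check that could be run after moving the virtual server to SSL bridging, to confirm the HSTS header arrives on every endpoint and carries a usable policy. This is an added example, not code from the thread or from F5; the endpoint paths, header values and the one-year threshold are constructed assumptions.

```python
import re

# Constructed sample: response headers per endpoint as seen through the virtual server.
SAMPLE_RESPONSES = {
    "/adfs/ls/idpinitiatedsignon.aspx":
        {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
    "/FederationMetadata/2007-06/FederationMetadata.xml":
        {"Content-Type": "text/xml"},
    "/adfs/ls/": {"strict-transport-security": "max-age=0"},
    "/": {"Strict-Transport-Security": "includeSubDomains"},
}

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, 6.1); None if invalid."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # tolerate empty segments (";;")
        if name in directives:
            return None                      # a directive may appear only once
        directives[name] = arg.strip().strip('"')   # value may be a quoted-string
    max_age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", max_age):
        return None                          # max-age is required and numeric
    return {"max_age": int(max_age), "include_subdomains": "includesubdomains" in directives}

def audit(responses, min_age=31536000):      # assumed threshold: one year
    """Classify each endpoint: ok, short, disabled, invalid or missing."""
    findings = {}
    for path, headers in responses.items():
        # header names are case-insensitive, so normalise before the lookup
        raw = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
        policy = parse_hsts(raw) if raw is not None else None
        if raw is None:
            findings[path] = "missing"
        elif policy is None:
            findings[path] = "invalid"
        elif policy["max_age"] == 0:
            findings[path] = "disabled"      # max-age=0 makes the browser drop the policy
        elif policy["max_age"] < min_age:
            findings[path] = "short"
        else:
            findings[path] = "ok"
    return findings

if __name__ == "__main__":
    for path, status in audit(SAMPLE_RESPONSES).items():
        print(f"{status:9} {path}")
```

To use it against a live deployment, replace `SAMPLE_RESPONSES` with the headers collected from each endpoint of your own federation service name.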
