Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

HSTS for ADFS Load Balancer

jwittenmyer
Nimbostratus
Nimbostratus

‎05-Apr-2022 06:38

I'm using BIGIP LTM as a load balancer for two ADFS servers as part of a hybrid Exchange deployment.  I need to enable HSTS on the load balancer virtual server.  Enabling HSTS requires an SSL profile, however the load balancer is currently configured as "Type: Performance (Layer 4)" which uses SSL pass-through and does not support SSL profiles.  Is it possible to change the server type, enable an SSL profle, and enable HSTS without breaking my ADFS deployment?

Labels:
0 Kudos
2 REPLIES 2

Daniel_Wolf
Nacreous
Nacreous

‎10-Apr-2022 09:51 - edited ‎10-Apr-2022 09:52

Hi @jwittenmyer,

even though the iApp for ADFS is deprecated, you can still follow the archived deployment guide. The config parameters and values described in Appendix A: Manual Configuration tables are still applicable.
Your use case is described in the chapter named Configuring the BIG-IP LTM for load balancing AD FS or AD FS proxy servers: SSL Bridging.

From my memory - pay attention to the server name in the serverssl profile. ADFS requires SNI.

KR
Daniel

0 Kudos

Ruby69
Nimbostratus
Nimbostratus

‎11-Apr-2022 21:10

Why is the header not always delivered indepentent of the entpoint? Basicly the URL adfs.domain.de delivers a webpage with status code 200.

My Merrill

0 Kudos
Copyright © 2023 Khoros, LLC