
HSTS for ADFS Load Balancer

jwittenmyer
Nimbostratus

I'm using BIGIP LTM as a load balancer for two ADFS servers as part of a hybrid Exchange deployment. I need to enable HSTS on the load balancer virtual server. Enabling HSTS requires an SSL profile, however the load balancer is currently configured as "Type: Performance (Layer 4)" which uses SSL pass-through and does not support SSL profiles. Is it possible to change the server type, enable an SSL profile, and enable HSTS without breaking my ADFS deployment?

2 REPLIES

Daniel_Wolf
Nacreous

Hi @jwittenmyer,

even though the iApp for ADFS is deprecated, you can still follow the archived deployment guide. The config parameters and values described in Appendix A: Manual Configuration tables are still applicable.
Your use case is described in the chapter named Configuring the BIG-IP LTM for load balancing AD FS or AD FS proxy servers: SSL Bridging.

From my memory - pay attention to the server name in the serverssl profile. ADFS requires SNI.

KR
Daniel

Ruby69
Nimbostratus

Why is the header not always delivered independent of the endpoint? Basically the URL adfs.domain.de delivers a webpage with status code 200.
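A check for the situation raised in this thread, where the HSTS header shows up on some ADFS URLs and not on others. This is an added example, not code from any poster or from F5; the sample responses are constructed, and the one-year `MIN_MAX_AGE` floor is an assumption.

```python
import re

MIN_MAX_AGE = 31536000  # assumption: one year as the policy floor

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797; None if invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        if name in seen:                 # a repeated directive invalidates the header
            return None
        seen[name] = arg.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                      # max-age is required and must be numeric
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def audit(responses):
    """Return {path: finding} for responses lacking a usable HSTS policy."""
    findings = {}
    for path, status, headers in responses:
        # Header names are case-insensitive on the wire.
        values = [v for k, v in headers if k.lower() == "strict-transport-security"]
        if not values:
            findings[path] = f"missing (status {status})"
            continue
        policy = parse_hsts(values[0])   # clients process only the first STS header
        if policy is None:
            findings[path] = "invalid"
        elif policy["max_age"] < MIN_MAX_AGE:
            findings[path] = f"max-age too short ({policy['max_age']})"
    return findings

# Constructed sample: (path, status, headers) as collected from the virtual server.
SAMPLE = [
    ("/", 200, [("Content-Type", "text/html")]),
    ("/adfs/ls/idpinitiatedsignon.aspx", 200,
     [("strict-transport-security", "max-age=31536000; includeSubDomains")]),
    ("/adfs/ls/", 302, [("Strict-Transport-Security", "max-age=0")]),
    ("/FederationMetadata/2007-06/FederationMetadata.xml", 200,
     [("Strict-Transport-Security", "max-age=300; max-age=31536000")]),
]

if __name__ == "__main__":
    for path, finding in audit(SAMPLE).items():
        print(f"{path}: {finding}")
```

Feeding it the headers captured for each URL on the virtual server, redirects and error pages included, lists the paths where the policy is absent, malformed, or too short.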
