用于MFA服务器移动应用Web服务的Active Directory联合身份验证服务(ADFS)和IIS [英] Active Directory Federation Services (ADFS) and IIS for MFA Server Mobile App Web Service
问题描述
您好,
在我们的基础架构中,我们有一个虚拟的ADFS 3.0服务器和一个面向Web的应用程序代理(wap)对于ADFS服务器。
此外,我们在与ADFS相同的虚拟机上安装了多因素身份验证服务器。
我们想要通过移动应用评估MFA的功能,因此我们需要安装 Multi- ADFS上的因子身份验证SDK和 多因素
面向Web服务器的面向身份验证服务器移动应用Web服务。两者(SDK和移动应用程序服务)都是通过IIS提供的。
我们的目标是使用我们已经在我们的基础设施(ADFS和WAP)中使用的服务器用于MFA移动应用场景,但ADFS已经通过http.sys直接在端口443上运行(没有
IIS)。
我们已经在ADFS服务器上安装了MFA SDK,它似乎不会干扰ADFS服务(在同一个端口上运行)。但它是否支持
/推荐将这两个应用程序放在同一台服务器/使用相同的WAP服务器发布它的场景??
干杯,
Patrick
嗨帕特里克,
它没有干扰,因为ADFS使用的是http.sys而不是IIS + SNI。
不幸的是,微软没有说明是否支持这种情况或不在MFA prequsites或ADFS网站上......
https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started -server /
https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-server-webservice/
如果我要说(这不是微软的正式声明!)我会说它得到支持......但也许你应该在IIS论坛上询问......
Hi,
In our infrastructure we have a virtual ADFS 3.0 server and an intern facing web application proxy (wap) for the ADFS server.
Additionally we have a multi factor authentication server installed on the same virtual machine as the ADFS.
We want to evaluate the capabilities of MFA with mobile apps and therefore we need to install the Multi-Factor Authentication SDK on the ADFS and the Multi-Factor Authentication Server Mobile App Web service on an internet facing web server. Both (the SDK and the Mobile App service) are provided via IIS.
We aim to use the servers we already have in our infrastructure (ADFS and WAP) for the MFA mobile app scenario but ADFS is already running on port 443 directly via http.sys (without IIS).
We already installed the MFA SDK on the ADFS server and the it doesn't seem to interfere with the ADFS service (running on the same port). But is it a supported / recommended scenario to have this two applications on the same server / use the same WAP server to publish it??
Cheers,
Patrick
Hi Patrick,
It doesn't interfere as ADFS is using http.sys and not IIS + SNI.
Unfortunately Microsoft doesn't state if such scenario is supported or not in MFA prerequsites nor on ADFS sites...
https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-server/
https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-server-webservice/
If I were to say (it is not an official Microsoft statement!) I would say it is supported... but maybe you should ask on IIS forum...
这篇关于用于MFA服务器移动应用Web服务的Active Directory联合身份验证服务(ADFS)和IIS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
