ADFS 3.0基于表单的身份验证在Internet上无法正常运行 [英] ADFS 3.0 Form Based Authentication is not working properly from internet
问题描述
我们有2台ADFS 3.0服务器由F5负载均衡。 F5表现为代理,因为我们的ADFS服务器场没有WAP。目前正在为Intranet设置
Windows集成身份验证,并且正在为ADFS中的Extranet用户设置
基于表单的身份验证。从Mozilla或FireFox访问ADFS URL时,基于表单的身份验证工作正常,但是当您使用IE时,您将从Internet获得Windows集成身份验证提示。我们是
无法理解和解决为什么用户从互联网上获取Windows集成身份验证的原因虽然我们在流量通过互联网时有FBA。我的配置中是否有我缺少的东西?
We have 2 ADFS 3.0 servers load balanced by F5. F5 is behaving as a proxy as we don't have WAP for our ADFS farm. Currently
Windows Integrated Authentication is being set for intranet and
Forms based Authentication is being set for extranet users in ADFS. Forms based authentication works fine when you access ADFS URL from Mozilla or FireFox but when you use IE you get a Windows Integrated Authentication prompt from internet. We are
unable to understand and troubleshoot why user's are getting Windows Integrated Authentication from internet although we have FBA when traffic is coming through internet.Is there something i am missing in my configuration?
任何建议都将受到高度赞赏。谢谢。
Any suggestion will be highly appreciated. Thanks.
此致,Riaz Javed Butt |顾问Microsoft专业服务MCITP,MCITP(Exchange),MCSE:消息,MCITP Office 365 | msexchgeek.wordpress.com
Regards, Riaz Javed Butt | Consultant Microsoft Professional Services MCITP, MCITP (Exchange), MCSE: Messaging, MCITP Office 365 | msexchgeek.wordpress.com
推荐答案
出于某种原因,ADFS仅将来自WAP的流量视为"Extranet"。交通。也许您可以检查WAP是否向ADFS服务器发送某种标头,并且您能够编写F5脚本以发送该标头?
For some reason ADFS only sees traffic coming from WAP as "Extranet" traffic. Maybe you can check if WAP sends some kind of header towards the ADFS server and you are able to script the F5 to also send that header?
可以使用免费的完整演示环境,包括通过浏览器运行的ADFS 2012R2 + WAP服务器+客户端
There is a free full demo enviroment availlable including ADFS 2012R2 + WAP server + clients over here which runs from your browser:
http://go.microsoft.com/ ?linkid = 9842896
http://go.microsoft.com/?linkid=9842896
也许你可以在那里捕捉任何关于ADFS检测外联网流量的内部工作原理?
这篇关于ADFS 3.0基于表单的身份验证在Internet上无法正常运行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
