0

I have a .NET application that uses ADFS for SSO. It works when I test it on my local machine and test environment but it fails when deployed to the client environment.

The client environment is like this: HTTPS Public IP:443 -> NAT Internal IP -> Accelerator:80 -> Load Balancer:80 -> Reverse Proxy Server:80 -> APP Server:80

The reverse proxy will URL rewrite from app.url.com to app-internal.url.com

The application should work like this:

  1. User will access http s://app.url.com/appname. Then .NET Application on first load will redirect the user to an ADFS server: http s://adfsurl.domain.com/adfs/ls?

  2. Upon successful authentication, the ADFS will redirect back to the application URL.

My issue is that the application is redirecting to http://app.url.com/adfs/ls/? instead of http s://adfsurl.domain.com/adfs/ls?

Is there any other configuration I need to do like outbound rule?

Yoshimori
  • 1
  • 1
  • 2

1 Answers1

1

You may need to deselect Reverse rewrite host in response headers in the ARR settings and additionally set preserveHostHeader="true" in applicationhost.config

  1. Open Internet Information Services (IIS) Manager.
  2. In the Connections pane, select the server.
  3. In the server pane, double-click Application Request Routing Cache.
  4. In the Actions pane, click Server Proxy Settings.
  5. On the Application Request Routing page, deselect Reverse rewrite host in response headers.

To set preserveHostHeader="true" in applicationhost.config:

  1. Run Command Prompt as Administrator
  2. %WINDIR%\System32\inetsrv\appcmd.exe set config -section:system.webServer/proxy /preserveHostHeader:"True" /commit:apphost

See:

https://stackoverflow.com/questions/4243959/iis-reverse-proxy-with-rewrites-cant-handle-a-redirect-from-the-server-we-proxy

https://stackoverflow.com/questions/43433352/sso-adfs-redirection-issue-with-reverse-proxy-with-arr

Brandon Hixson
  • 11
  • 1