locked
ADFS URL from CRM Server on Internal Zone RRS feed

  • Question

  • Hello,
    I have a simple question of IFD configuration of CRM. Can we change the redirect URL for claims-based, other than what we configure on Deployment Manager?


    I'm planning CRM 2011 with IFD in an Internal zone for our customer. Users access to CRM through reverse proxy on DMZ. Access from the internal zone to public internet is not permitted. The customer will want to rewrite accessing url by the reverse proxy as they do with their other web applications.

    [ADFS endpoint and access route]

    When we configure Claims-Based Authentication, the AD FS endpoint needs to be accessed by the CRM server and the users. If I set to an internal url like https://sts.[internaldomain].local/federationmetadata/2007-06/federationmetadata.xml, the user cannot access the adfs because of name resolution failure. We will not register the public dns. 
    If an external url like https://sts.[externaldomain].com/federationmetadata/2007-06/federationmetadata.xml (after SPN and internal DNS configuration on internal zone) is set, the reverse proxy url changes to the same external url when accessing the ADFS, which is useless.



    So to make the reverse proxy rewrite url, is there any way to distinguish urls that we configure on Deployment Manager and that CRM returns to users?



    • Edited by hikaruLA Thursday, January 16, 2014 4:37 AM add image of [ADFS endpoint and access route]
    Thursday, January 16, 2014 1:44 AM