I have a .NET application that uses ADFS for SSO. It works when I test it on my local machine and test environment but it fails when deployed to the client environment.
The client environment is like this:
HTTPS Public IP:443 -> NAT Internal IP -> Accelerator:80 -> Load Balancer:80 -> Reverse Proxy Server:80 -> APP Server:80
The reverse proxy will URL rewrite from app.url.com to app-internal.url.com
The application should work like this:
- The user accesses https://app.url.com/appname. On first load, the .NET application redirects the user to the ADFS server: https://adfsurl.domain.com/adfs/ls?
- Upon successful authentication, ADFS redirects back to the application URL.
My issue is that the application is redirecting to http://app.url.com/adfs/ls/? instead of https://adfsurl.domain.com/adfs/ls?
Is there any other configuration I need to do like outbound rule?
Best Answer
You may need to deselect Reverse rewrite host in response headers in the ARR settings and additionally set preserveHostHeader="true" in applicationhost.config
To set preserveHostHeader="true" in applicationhost.config:
%WINDIR%\System32\inetsrv\appcmd.exe set config -section:system.webServer/proxy /preserveHostHeader:"True" /commit:apphost
See:
https://stackoverflow.com/questions/4243959/iis-reverse-proxy-with-rewrites-cant-handle-a-redirect-from-the-server-we-proxy
https://stackoverflow.com/questions/43433352/sso-adfs-redirection-issue-with-reverse-proxy-with-arr
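The following PowerShell script is an added example, not part of the answer above or of any project: it applies the two ARR proxy settings the answer names through the WebAdministration module (the answer's appcmd command does the same for preserveHostHeader), reads them back, and then checks the first hop from the public URL without following the redirect, so you can confirm the Location header now points at ADFS rather than at http://app.url.com/adfs/ls/?. The hostnames are the ones from the question; the attribute name reverseRewriteHostInResponseHeaders is the applicationhost.config form of the "Reverse rewrite host in response headers" checkbox. It assumes IIS with ARR installed and an elevated session on the reverse proxy server.

```powershell
# Added example (not the answer's code): set the ARR proxy attributes and verify the redirect.
# Assumes: IIS + ARR installed, elevated PowerShell on the reverse proxy,
# and the hostnames from the question (app.url.com, adfsurl.domain.com).
Import-Module WebAdministration

$appHost     = 'MACHINE/WEBROOT/APPHOST'      # applicationhost.config
$proxyFilter = 'system.webServer/proxy'       # ARR proxy section

# 1. Forward the original Host header (app.url.com) to app-internal.url.com, so the
#    application builds its absolute URLs, including the ADFS return URL, with the
#    public hostname and scheme the browser used.
Set-WebConfigurationProperty -PSPath $appHost -Filter $proxyFilter `
    -Name 'preserveHostHeader' -Value 'True'

# 2. Stop ARR from rewriting the host in response Location headers; the 302 to
#    https://adfsurl.domain.com/adfs/ls must pass back to the browser unchanged.
Set-WebConfigurationProperty -PSPath $appHost -Filter $proxyFilter `
    -Name 'reverseRewriteHostInResponseHeaders' -Value 'False'

# Read the section back and fail loudly if either setting did not stick.
$proxy = Get-WebConfiguration -PSPath $appHost -Filter $proxyFilter
if (-not $proxy.preserveHostHeader) {
    throw 'preserveHostHeader is still false'
}
if ($proxy.reverseRewriteHostInResponseHeaders) {
    throw 'reverseRewriteHostInResponseHeaders is still true'
}
Write-Host "proxy: preserveHostHeader=$($proxy.preserveHostHeader) reverseRewriteHostInResponseHeaders=$($proxy.reverseRewriteHostInResponseHeaders)"

# Fetch the first hop only (no automatic redirect following) and return the Location
# header, which is what the browser would be sent to after the app's SSO redirect.
function Get-RedirectTarget {
    param([Parameter(Mandatory)][string]$Url)
    $req = [System.Net.HttpWebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false
    $req.Method = 'GET'
    $resp = $req.GetResponse()          # a 3xx is returned, not thrown, when redirects are off
    try {
        return [string]$resp.Headers['Location']
    } finally {
        $resp.Close()
    }
}

$target = Get-RedirectTarget -Url 'https://app.url.com/appname'
if ($target -like 'https://adfsurl.domain.com/adfs/ls*') {
    Write-Host "OK: first hop redirects to ADFS ($target)"
} else {
    Write-Warning "Redirect still wrong: Location is '$target'. Check each hop in the chain (accelerator, load balancer, ARR) for Host or Location rewriting."
}
```

Run the check from a machine that reaches the public URL the way users do; if the Location header is correct at the reverse proxy but wrong from outside, the rewrite is happening on an earlier hop in the chain rather than in ARR.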