Condividi tramite

After enabling AD Federation Service (ADFS) you are being refered to your internal domain

  • Articolo

After entering your federated domain account in a browser, are you being redirected to your internal domain name (e.g. adfs.contoso.local) instead of public domain name (e.g. adfs.publicdomain.com)?

  • RDP to your ADFS server
  • Install and open the Windows Azure Active Directory Powershell, for more details see this blog post
  • Execute “Get-MsolFederationProperty –DomainName” with your external domain name e.g. “adfs.myexternaldomain.com”
     

PS C:\Windows\system32> Get-MsolFederationProperty -DomainName adfs.myexternaldomain.com

Source : ADFS Server
ActiveClientSignInUrl : https://adfs.contoso.local/adfs/services/trust/2005/usernamemixed
FederationServiceDisplayName : Contoso Corporation
FederationServiceIdentifier : https://adfs.contoso.local/adfs/services/trust
FederationMetadataUrl : https://adfs.contoso.local/adfs/services/trust/mex
PassiveClientSignInUrl : https://adfs.contoso.local/adfs/ls/
PassiveClientSignOutUrl : https://adfs.contoso.local/adfs/ls/    

  <more stuff here, not listed>

  

  • The output above is likely to be listing output referencing to your local (internal) domain name.
  • Open AD FS management, go to “Edit Federation Service Properties”

image

  • Change the references from the internal domain name to the public domain names.
    • If this is already the correct information, continue with the following steps anyway.
  • Hit OK and close AD FS management
  • In the PowerShell window, execute a Update-MsolFederatedDomain –domainname “adfs.myexternaldomain.com”

image

Check by using “Get-MsolFederationProperty -DomainName adfs.myexternaldomain.com” or your browser to see if you are being redirected to the correct URL this time.

Consider leaving a reply in case this post helped you. Thanks!

Comments

  • Anonymous
    June 23, 2014
    The comment has been removed
  • Anonymous
    June 24, 2014
    The comment has been removed
  • Anonymous
    January 14, 2015
    If my UPN suffix is my internal domain (user@contoso.local), would this allow SSO to work externally for (user@contoso.com)? Or would we have to change UPN suffixes?
  • Anonymous
    June 15, 2017
    Brilliant! You saved my day!