Reputation: 95
We want to use ADFS as our federated security service for authentication and have staging and production ADFS servers.
I have knocked up a simple MVC Web app that uses the staging server with the realm set to the URL my site is running under, "http://localhost:55483".
When I try to access a protected resource it correctly redirects me to the ADFS server, which in turn redirects me to the IdP to log in. Both the IdP and ADFS server use scripts in their responses to auto-submit HTML forms back to the ADFS server and then to my own site to pass the security token around.
The problem is when it redirects back to my site it has upgraded to HTTPS!
Is there some way to disable this upgrade to HTTPS?
I see Chrome and the other browsers all seem to add this "upgrade-insecure-requests" header to the requests, so I don't know if the ADFS server is respecting that? Or if it can be disabled on the ADFS side?
Upvotes: 1
Views: 416
Reputation: 46700
ADFS only runs on HTTPS.
No, you can't disable it.
That's why if you have a LB you have to pass all ADFS traffic through. You can't terminate SSL on the LB.
Upvotes: 1