Yes, you sure can. Single-sign-on is all the rage these days, and why not, it makes life a lot easier (and more secure) for users. We absolutely support load balancing ADFS through the load balancer. In fact, it is actually quite easy.
The only port you typically need is 443 for your SSL traffic. If you have a redirect from HTTP to HTTPS, you could add port 80 as well, but we don’t see that very often, so only add it if absolutely necessary. You can use the “SSL” protocol if you upload an SSL certificate, or if you simply want SSL pass-through for quick-and-easy setup, use “SSL_PROXY” instead.
When it comes to monitoring, a simple ping is not what most people want. In fact, today’s sharp security managers often disable ICMP completely. In that case, you may want to create an HTTP monitor that looks at a specific URL for the HTTP 200 response code. Below are a few links to try out. Insert your IP or host name and paste it into your browser. If they work, create a monitor for one of them:
http://<ADFS IP address>/adfs/probe
This seems to be the preferred method if it is available to you. There is a built-in probe in ADFSv3 that will spit back an HTTP 200 response code, and you don’t even have to use SSL. If your install supports this, we think it is the easiest way to go. Here is a quick image of an HTTP monitor (both the standard parameters tab and the special parameters tab) for your easy configuration reference:
If that URL does not work for you, here are two other options you can look at. For both, we suggest an HTTP monitor with “secure” checked and using port 443.
https://<ADFS IP address>/adfs/ls/IdpInitiatedSignon.aspx
https://<ADFS IP address>/federationmetadata/2007-06/federationmetadata.xml
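To test all three URLs from a workstation before building the monitor, the following Python script (an added example, not part of the original article or the load balancer's own tooling) tries them in the order given above and reports the first one that returns HTTP 200. The function names and the `adfs.example.test` host are placeholders chosen for this example.

```python
import urllib.error
import urllib.request

# Candidate health-check URLs from the article, in its order of preference.
CANDIDATES = [
    ("http", "/adfs/probe"),
    ("https", "/adfs/ls/IdpInitiatedSignon.aspx"),
    ("https", "/federationmetadata/2007-06/federationmetadata.xml"),
]


def http_status(url, timeout=5.0):
    """Return the HTTP status code for url, or None if the request failed."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code  # the server answered, but with an error status
    except (urllib.error.URLError, OSError):
        # Refused, timed out, or TLS validation failed. Certificate checks
        # stay on, so an HTTPS URL built from a bare IP fails here unless
        # the certificate covers that IP; use the host name in that case.
        return None


def pick_monitor_url(host, fetch=http_status):
    """Return (url, results): first candidate answering 200, and every status seen."""
    results = {}
    for scheme, path in CANDIDATES:
        url = f"{scheme}://{host}{path}"
        results[url] = fetch(url)
        if results[url] == 200:
            return url, results
    return None, results


if __name__ == "__main__":
    import sys

    # Placeholder host; pass your ADFS IP or host name as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "adfs.example.test"
    chosen, seen = pick_monitor_url(host)
    for url, status in seen.items():
        print(f"{status!s:>5}  {url}")
    print("monitor URL:", chosen or "none returned 200")
```

A status of `None` means the request never got an HTTP answer, which is the case to investigate before pointing a monitor at that URL.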
If you run into any issues at all, please reach out to support or your technical account manager. We’ve helped several clients and we are more than willing to help you with this too!
One last tip. If you’re tackling ADFS for the first time, there is a really helpful article here.