Publish the AD FS service of Office 365 through TMG
Earlier articles covered configuring federated authentication for Office 365, filtering Active Directory synchronization, and role assignment. This article shows how to publish the Office 365 AD FS service to the Internet through TMG, so that local Active Directory users can authenticate to and manage the Office 365 portal. There are two ways to publish it: 1. publish the AD FS service's own ports (80, 443) directly; 2. publish ports 80 and 443 of the AD FS proxy server. Microsoft recommends the second method for security reasons. This article covers the first method: publishing ports 80 and 443 of the Office 365 AD FS service directly through TMG.
The installation and configuration of the AD FS proxy server were covered in the previous article:
http://gaowenlong.blog.51cto.com/451336/1605502
First, confirm the internal address of the AD FS server: 10.10.1.10.
Then we need to publish ports 80 and 443 of AD FS to the Internet through TMG.
Open the TMG console and go to Firewall Policy > New > Non-Web Server Protocol Publishing Rule.
Rule name: publish ADFs prot
Internal server address of the Office 365 AD FS service: 10.10.1.10
Protocol type: select New.
After naming the protocol, choose to create a port: protocol type TCP, direction Inbound, ports 80 and 443.
Select TCP, Inbound, 443.
Then select the External network as the interface that listens for requests.
We have published two rules for the Office 365 AD FS service. In fact, publishing only the HTTPS port is enough.
After publishing, we also need to add a DNS record in the iternalsoft.com domain (for external resolution):
adfs.iternalsoft.com points to the IP address published on the Internet.
Then we test name resolution from the Internet; it returns the correct address.
For further confirmation, we can telnet to ports 80 and 443 of adfs.iternalsoft.com.
Test access from the Internet.
The browser is redirected.
The browser warns that the certificate is untrusted; click Continue to proceed.
Enter a valid user name and password, then log on.
Logon successful
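The external checks described above (name resolution, reachability of ports 80 and 443, and the certificate warning) can be scripted and rerun after each rule change. The Python below is an added example, not part of the original article; the function names probe and assess are assumptions, and probe must be run from a machine on the Internet.

```python
import ipaddress
import socket
import ssl

HOST = "adfs.iternalsoft.com"  # external name used in the article
PORTS = (80, 443)              # ports published through TMG
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def probe(host, ports=PORTS, timeout=5):
    """Collect DNS, TCP and TLS facts about the endpoint (needs Internet access)."""
    try:
        ips = sorted({ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)})
    except socket.gaierror:
        ips = []
    open_ports = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.append(port)
        except OSError:
            pass
    tls_error = None
    if 443 in open_ports:
        ctx = ssl.create_default_context()  # validates chain and host name
        try:
            with socket.create_connection((host, 443), timeout=timeout) as raw, \
                    ctx.wrap_socket(raw, server_hostname=host):
                pass
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            tls_error = str(exc)
    return {"ips": ips, "open_ports": open_ports, "tls_error": tls_error}

def assess(facts):
    """Turn probe results into findings; pure function, no network access."""
    findings = []
    if not facts["ips"]:
        findings.append("DNS: name does not resolve")
    for ip in facts["ips"]:
        if any(ipaddress.ip_address(ip) in net for net in RFC1918):
            findings.append(f"DNS: {ip} is an internal address, not the published IP")
    if 443 not in facts["open_ports"]:
        findings.append("TCP: 443 is not reachable")
    if 80 in facts["open_ports"]:
        findings.append("TCP: 80 is open; the article notes the HTTPS port alone is enough")
    if facts["tls_error"]:
        findings.append(f"TLS: handshake or certificate validation failed: {facts['tls_error']}")
    return findings

if __name__ == "__main__":
    print("\n".join(assess(probe(HOST)) or ["OK: public DNS, 443 open, certificate trusted"]))
```

A TLS finding here corresponds to the untrusted-certificate prompt the browser shows in the walkthrough.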
This article is from the "Gao Wenlong" blog; reproduction is not permitted.