Publish Office 365 ADFS for Internet access through TMG

Source: Internet
Author: User

 

Publish the Office 365 ADFS service through TMG

Earlier articles covered configuring federated authentication for Office 365, filtering Active Directory synchronization, and role assignment. This article shows how to publish the Office 365 ADFS service to the Internet through TMG, so that on-premises Active Directory users can authenticate to and manage the Office 365 portal. There are two ways to publish it: 1. Publish the ports of the ADFS service itself (80, 443) directly. 2. Publish ports 80 and 443 of the ADFS proxy server. The second method is the one Microsoft recommends, for security reasons. This article covers the first method: publishing ports 80 and 443 of the Office 365 ADFS service directly through TMG.

The installation and configuration of the ADFS proxy server were covered in the previous article:

http://gaowenlong.blog.51cto.com/451336/1605502

First, confirm that the internal address of the ADFS server is 10.10.1.10.


Then we need to publish ports 80 and 443 of ADFS to the Internet through TMG.

Open the TMG console > Firewall Policy > New > Non-Web Server Protocol Publishing Rule


Publishing rule name: publish ADFs prot


Internal server address of the Office 365 ADFS service: 10.10.1.10


Protocol type: select New


After defining the protocol name, create the port entries: protocol type TCP, direction Inbound, ports 80 and 443


Select TCP, Inbound, 443


Then choose the external address interface to listen on.


 

We have published two rules for the Office 365 ADFS service. In fact, publishing only the HTTPS port is sufficient.


After publishing, we also need to add a DNS record in the iternalsoft.com domain (for external resolution):

adfs.iternalsoft.com points to the IP address published on the Internet.


Then we test name resolution from the Internet, and it returns the correct address.


To confirm further, we can telnet to ports 80 and 443 of adfs.iternalsoft.com.


Test access from the Internet


Redirection


The browser warns that the certificate is untrusted; click Continue to proceed


Enter a valid user name and password, then log on


Logon successful
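The DNS, telnet and browser checks above can be scripted so they are repeatable from an external host after every rule change; the script also reports the untrusted-certificate condition seen in the walkthrough and an open port 80, following the remark that only HTTPS needs publishing. This is an added example, not code from the original article. `EXPECTED_PUBLIC_IP` is a placeholder because the article does not state the published address, and the function names are illustrative.

```python
import socket
import ssl

FEDERATION_HOST = "adfs.iternalsoft.com"  # public name used in the article
INTERNAL_ADFS_IP = "10.10.1.10"           # internal ADFS server from the article
EXPECTED_PUBLIC_IP = "203.0.113.10"       # placeholder: the article gives no public IP


def resolve_a(host):  # IPv4 addresses the resolver in use returns for host
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def port_open(host, port, timeout=5.0):  # scripted form of the telnet check
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tls_trust_error(host, port=443, timeout=5.0):
    """Return None if the chain and host name validate, else the failure text."""
    ctx = ssl.create_default_context()  # system trust store, host name check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except (ssl.SSLError, OSError) as exc:
        return str(exc) or exc.__class__.__name__


def review(addresses, http_open, https_open, tls_error):
    """Turn raw observations into findings; an empty list means every check passed."""
    findings = []
    if INTERNAL_ADFS_IP in addresses:
        findings.append("public DNS returns the internal ADFS address")
    if addresses != {EXPECTED_PUBLIC_IP}:
        findings.append("DNS does not resolve to the published IP only")
    if not https_open:
        findings.append("TCP 443 is not reachable")
    if http_open:
        findings.append("TCP 80 is published although only HTTPS is required")
    if https_open and tls_error:
        findings.append("certificate not trusted: " + tls_error)
    return findings


if __name__ == "__main__":
    h = FEDERATION_HOST
    print(review(resolve_a(h), port_open(h, 80), port_open(h, 443), tls_trust_error(h)))
```

Run it from a machine outside the network so that the external DNS view and the TMG external interface are what gets tested.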


This article is from the "Gao Wenlong" blog. Reproduction is not permitted.
