Configure Endpoints and Test the Web Application Proxy Servers (Load-Balanced Set in Windows Azure) for Office365 Single Sign-On

In the previous post we set up two WAP servers that act as the AD FS proxy role for our internal AD FS servers. Now that the servers are set up, we need to add an endpoint so that they are accessible from the internet, and we need to load balance that endpoint across the two WAP servers.

 

Configure a Load Balanced End Point on the first Web Application Proxy Server

 

Open the Azure Management Portal

Select the first WAP Server

 

Select Endpoints

Click + Add

 

Select Add a Stand-Alone Endpoint

Click Next Arrow

 

Select HTTPS

Verify TCP

Verify Public Port 443

Verify Private Port 443

Select Create a Load-balanced set

Click Next Arrow

 

Name the load-balanced Set

Verify Protocol – TCP

Verify Probe Port – 443

Verify Probe Interval – 15

Verify Number of Probes – 2

Click the complete check mark

 

Load balanced endpoint is added

 

Add the Second Web Application Proxy Server to the WAP Load Balanced Set

 

Now that the load-balanced endpoint is set up on the first server, we need to add the second server to this set.

 

Select the second WAP server

Click Endpoints

Click + Add

 

Select Add an endpoint to an existing load-balanced set

Select the load-balanced set you created in the step above

Click Next Arrow

 

Name the endpoint for this server

Verify the protocol – TCP

Click the complete checkmark

 

At this point both servers are added to the load-balanced endpoint and are live on the internet.

 

Collect the External IP Address of the WAP Cloud Service

 

Now that the WAP servers are load balanced, we need to update our public DNS so that the AD FS farm name (in my case it’s sts.office365supportlab.com) resolves to the Public Virtual IP (VIP) Address of the WAP cloud service.

Click on the WAP Cloud Service – On the main page the Public Virtual IP (VIP) Address will be displayed

 

 

Update Public DNS

 

Before you complete this step, please note that this could have an impact if you are already in production. Don’t update this record if you don’t know what you are doing.

Since we all use different DNS hosts, I’ll leave this one up to you. Here is a screenshot of my GoDaddy DNS zone for reference.

 

Testing AD FS from External

 

 

Browse to the URL – https://sts.domain.com/adfs/ls/IdpInitiatedSignon.aspx
Make sure to modify the hostname and domain for your own domain.

Enter credentials

Click Sign in
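
The same external test can be scripted. The PowerShell below is an added example, not part of the original post: it checks that the public DNS record points at the cloud service VIP, that TCP 443 answers through the load-balanced endpoint, and that the sign-on page loads over a trusted certificate on several fresh connections. The host name, the VIP (a constructed sample from a documentation range), the resolver and the attempt count are placeholder assumptions; run it from a machine outside your network so internal DNS does not answer for the farm name.

```powershell
# Added example: external smoke test for the load-balanced WAP endpoint.
# All four values below are placeholders; replace them with your own.
$FederationHost = 'sts.domain.com'   # AD FS farm name published in public DNS
$ExpectedVip    = '203.0.113.10'     # constructed sample VIP, not a real address
$PublicResolver = '8.8.8.8'          # public resolver, so split DNS is bypassed
$Attempts       = 6                  # fresh connections, may land on either WAP node

# 1. The public A record must point at the WAP cloud service VIP.
$resolved = (Resolve-DnsName -Name $FederationHost -Type A -Server $PublicResolver -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' }).IPAddress
if ($resolved -notcontains $ExpectedVip) {
    throw "DNS mismatch: $FederationHost resolves to $($resolved -join ', '), expected $ExpectedVip"
}

# 2. TCP 443 must be reachable through the load-balanced endpoint.
$tcp = Test-NetConnection -ComputerName $FederationHost -Port 443 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    throw "TCP 443 is not reachable on $FederationHost"
}

# 3. Request the sign-on page several times without connection reuse.
#    A certificate name or trust error surfaces here as a failed attempt.
$uri = "https://$FederationHost/adfs/ls/IdpInitiatedSignon.aspx"
$results = foreach ($i in 1..$Attempts) {
    try {
        $r = Invoke-WebRequest -Uri $uri -UseBasicParsing -DisableKeepAlive -TimeoutSec 15
        [pscustomobject]@{ Attempt = $i; Status = [int]$r.StatusCode; Error = $null }
    } catch {
        [pscustomobject]@{ Attempt = $i; Status = $null; Error = $_.Exception.Message }
    }
}
$results | Format-Table -AutoSize

# Any non-200 answer means one node, the probe or the certificate needs attention.
$failed = @($results | Where-Object { $_.Status -ne 200 })
if ($failed.Count -gt 0) {
    throw "$($failed.Count) of $Attempts requests to $uri failed"
}
"OK: $FederationHost resolves to $ExpectedVip and served the sign-on page $Attempts times"
```

Intermittent failures across attempts usually point at one of the two WAP servers rather than at DNS or the endpoint itself.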

 

 

Testing Access from Office365

Navigate to https://portal.office.com

 

Enter your UserID

Hit Tab

 

Redirecting to the WAP servers

 

The user name should be populated with the value entered on Office365 sign-in page

Enter Password

Click Sign-in

 

Credentials are verified and you are redirected to Office365

 

This completes the series for Deploying a Highly Available AD FS 3.0 Solution in Windows Azure for Single Sign-on with Office365.

 

 

My BLOG Series

Deploying a Highly Available AD FS 3.0 Solution in Windows Azure for Single Sign-on with Office365

  1. Setting up the Primary AD FS 3.0 Server in Windows Azure for Office365 Single Sign-On
  2. Setting up the Secondary AD FS 3.0 Server in Windows Azure for Office365 Single Sign-On
    1. Configure the AD FS Servers in an Internal Load-Balanced Set in Windows Azure for Office365 Single Sign-On
    2. Configure the AD FS Servers with Azure Load Balanced Set in Windows Azure for Office365 Single Sign-On
  3. Securing the AD FS 3.0 servers and Configuring Azure ACLs for WAP Communications
  4. Setting up the First Web Application Proxy Servers (AD FS Proxy) in Windows Azure for Office365 Single Sign-On
  5. Setting up the Second Web Application Proxy Server (AD FS Proxy) in Windows Azure for Office365 Single Sign-On
  6. Configure Endpoints and Test the Web Application Proxy Servers (Load-Balanced Set in Windows Azure) for Office365 Single Sign-On

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps Office365 MVP

Technical Consultant

Concepps Group


2 thoughts on “Configure Endpoints and Test the Web Application Proxy Servers (Load-Balanced Set in Windows Azure) for Office365 Single Sign-On”

    1. Kelsey Epps (Post author)

      Here is the flow… All TCP 443

      Internet -> Firewall -> NLB -> WAP Servers (DMZ) -> Firewall -> NLB -> ADFS Servers (Internal Network)
