Fortinet black logo

Administration Guide

Configuring FortiWeb as an AD FS proxy

Configuring FortiWeb as an AD FS proxy

To configure FortiWeb as an AD FS proxy, you need to:

  • Create a virtual server specifying the IP address and network interface.
  • Import a certificate file to set up secure connections with the AD FS servers.
  • Create a server pool that contains the AD FS server. It's supported to add single server in an AD FS server pool.
  • Import a CA file to verify the certificate authentication requests from Internet users (for certificate authentication requests).
  • Create an AD FS server policy that references the virtual server, server pool, certificate validation rule, the service ports for certificate authentication requests and credential authentication requests, etc.

When deployed as an AD FS proxy, FortiWeb supports only the Reverse Proxy operation mode.

For details on the AD FS proxy configurations, please see the subsections under this topic.

Until you configure and enable at least one policy, FortiWeb will by default deny all traffic.

Configuring FortiWeb as an AD FS proxy

To configure FortiWeb as an AD FS proxy, you need to:

  • Create a virtual server specifying the IP address and network interface.
  • Import a certificate file to set up secure connections with the AD FS servers.
  • Create a server pool that contains the AD FS server. It's supported to add single server in an AD FS server pool.
  • Import a CA file to verify the certificate authentication requests from Internet users (for certificate authentication requests).
  • Create an AD FS server policy that references the virtual server, server pool, certificate validation rule, the service ports for certificate authentication requests and credential authentication requests, etc.

When deployed as an AD FS proxy, FortiWeb supports only the Reverse Proxy operation mode.

For details on the AD FS proxy configurations, please see the subsections under this topic.

Until you configure and enable at least one policy, FortiWeb will by default deny all traffic.