In an earlier blog post, which can be found from HERE, we created the DMZ virtual network and the subnets it needs. We also already allowed HTTPS (port 443) from the DMZ network (DMZ Subnet) to the production network (Azure VMNet 01), so we are able to configure AD FS and WAP (Web Application Proxy). Next we will set up the AD FS part.
First we need to install two separate VMs: one for AD FS and one for WAP.
WAP is connected to the DMZ vnet / DMZ subnet, and the HTTPS endpoint is also enabled on it.
Next we need to set up DNS. We created a primary DNS zone for AD FS called sts.virtual-station.com and pointed it to the internal IP address of our AD FS server (internal clients go to the internal AD FS server, external clients come in via WAP).
Leave the Name field empty, so that sts.virtual-station.com itself is the A record (the zone apex) rather than a host beneath it.
Import the certificate to your AD FS server and then do the basic AD FS installation (I'm not going to go through all the installation steps, because they are pretty basic and plenty of guides can already be found on the internet).
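The DNS zone, the certificate import and the basic AD FS installation above can all be scripted. The following is an added example, not a script from the original post: it assumes a constructed internal AD FS address of 10.0.1.10, a PFX export of the certificate at C:\certs\sts.pfx, and a hypothetical group managed service account VIRTUAL\adfs-svc$ for the AD FS service. The DNS part runs on the DNS server (domain controller); the rest runs on the AD FS server in an elevated PowerShell session.

```powershell
# Added example, not from the original post. Constructed/assumed values:
#   10.0.1.10          - internal IP of the AD FS server (constructed)
#   C:\certs\sts.pfx   - PFX export of the sts.virtual-station.com certificate (assumed path)
#   VIRTUAL\adfs-svc$  - gMSA used by the AD FS service (hypothetical)
$FederationServiceName = "sts.virtual-station.com"
$AdfsInternalIp        = "10.0.1.10"
$PfxPath               = "C:\certs\sts.pfx"

# --- 1. Internal DNS (run on the DNS server / domain controller) --------------
# A dedicated primary zone whose apex ("@") is the A record, so the name
# sts.virtual-station.com itself resolves instead of a host beneath it.
Add-DnsServerPrimaryZone -Name $FederationServiceName -ReplicationScope "Domain"
Add-DnsServerResourceRecordA -ZoneName $FederationServiceName -Name "@" -IPv4Address $AdfsInternalIp

# Check: internal clients must get the private address, never the WAP public IP.
$resolved = (Resolve-DnsName -Name $FederationServiceName -Type A).IPAddress
if ($resolved -ne $AdfsInternalIp) {
    throw "Internal DNS returns $resolved for $FederationServiceName, expected $AdfsInternalIp"
}

# --- 2. Certificate import (run on the AD FS server) ---------------------------
$PfxPassword = Read-Host -AsSecureString -Prompt "PFX password"
$cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation "Cert:\LocalMachine\My" -Password $PfxPassword

# Checks: the private key must be present and the subject or SAN must cover the
# federation service name, otherwise Install-AdfsFarm fails later with a less
# obvious error.
if (-not $cert.HasPrivateKey) { throw "Imported certificate has no private key" }
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }   # Subject Alternative Name
$san    = if ($sanExt) { $sanExt.Format($true) } else { "" }
$nameRx = [regex]::Escape($FederationServiceName)
if ($cert.Subject -notmatch $nameRx -and $san -notmatch $nameRx) {
    throw "Certificate $($cert.Thumbprint) does not cover $FederationServiceName"
}

# --- 3. Basic AD FS installation (run on the AD FS server) ---------------------
Install-WindowsFeature -Name ADFS-Federation -IncludeManagementTools
Install-AdfsFarm -CertificateThumbprint $cert.Thumbprint `
                 -FederationServiceName $FederationServiceName `
                 -GroupServiceAccountIdentifier 'VIRTUAL\adfs-svc$'   # hypothetical gMSA

# Check: the federation metadata endpoint must answer over HTTPS with the new cert.
$meta = Invoke-WebRequest -Uri "https://$FederationServiceName/FederationMetadata/2007-06/FederationMetadata.xml" -UseBasicParsing
if ($meta.StatusCode -ne 200) { throw "Federation metadata returned HTTP $($meta.StatusCode)" }
```

The two checks are the ones worth keeping even if you do the rest through the GUI: the DNS check catches the case where internal clients are accidentally sent to the WAP public address, and the certificate check catches a PFX that was exported without its private key or issued for a different name.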
Our public domain name is bought from GoDaddy, so first we needed to point sts.virtual-station.com to our WAP (public IP). The configuration is a quick thing in the GoDaddy portal:
First we needed to add the AD FS details to the hosts file, because public DNS now points sts.virtual-station.com at the WAP itself while WAP still has to reach the internal AD FS server by that same name.
After the hosts file modification we were able to test the connection.
Then we needed to import the AD FS certificate to the WAP server, like we did for the AD FS server.
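The WAP-side steps (hosts file entry, connection test, certificate import) plus the WAP installation itself, as an added example that is not from the original post. It assumes the same constructed AD FS address 10.0.1.10 and the same PFX copied to C:\certs\sts.pfx (assumed path), and runs in an elevated PowerShell session on the WAP server in the DMZ.

```powershell
# Added example, not from the original post. Runs on the WAP server.
# Constructed/assumed values: 10.0.1.10 (AD FS internal IP), C:\certs\sts.pfx (PFX path).
$FederationServiceName = "sts.virtual-station.com"
$AdfsInternalIp        = "10.0.1.10"
$PfxPath               = "C:\certs\sts.pfx"
$HostsFile             = "$env:SystemRoot\System32\drivers\etc\hosts"

# --- 1. hosts file ----------------------------------------------------------
# Public DNS points the federation service name at this WAP's public IP, so the
# WAP needs a static entry to reach the internal AD FS server by that name.
# Writing to the hosts file requires an elevated session.
$entry = "$AdfsInternalIp`t$FederationServiceName"
if (-not (Select-String -Path $HostsFile -Pattern ([regex]::Escape($FederationServiceName)) -Quiet)) {
    Add-Content -Path $HostsFile -Value $entry
}
# Check: the WAP must now resolve the name to the private address, not its own public one.
$resolved = ([System.Net.Dns]::GetHostAddresses($FederationServiceName) | Select-Object -First 1).IPAddressToString
if ($resolved -ne $AdfsInternalIp) {
    throw "WAP resolves $FederationServiceName to $resolved, expected $AdfsInternalIp"
}

# --- 2. Connection test through the DMZ -> production rule (TCP 443 only) ----
$tcp = Test-NetConnection -ComputerName $FederationServiceName -Port 443
if (-not $tcp.TcpTestSucceeded) {
    throw "TCP 443 to AD FS is blocked; check the rule from DMZ Subnet to Azure VMNet 01"
}
# An open port is not enough: do a full TLS handshake and get a real AD FS answer.
$meta = Invoke-WebRequest -Uri "https://$FederationServiceName/FederationMetadata/2007-06/FederationMetadata.xml" -UseBasicParsing
if ($meta.StatusCode -ne 200) { throw "Federation metadata returned HTTP $($meta.StatusCode)" }

# --- 3. Certificate import, same as on the AD FS server ----------------------
$PfxPassword = Read-Host -AsSecureString -Prompt "PFX password"
$cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation "Cert:\LocalMachine\My" -Password $PfxPassword
if (-not $cert.HasPrivateKey) { throw "Imported certificate has no private key" }

# --- 4. Install WAP and join it to the AD FS farm ----------------------------
Install-WindowsFeature -Name Web-Application-Proxy -IncludeManagementTools
$adfsAdmin = Get-Credential -Message "Account that is a local administrator on the AD FS server"
Install-WebApplicationProxy -FederationServiceName $FederationServiceName `
                            -CertificateThumbprint $cert.Thumbprint `
                            -FederationServiceTrustCredential $adfsAdmin
```

Two things to keep in mind with this layout: the hosts file entry is static, so if the AD FS server ever gets a new internal address the WAP silently breaks until the entry is updated, and the Invoke-WebRequest step validates the certificate chain, so a failure there (rather than at the TCP test) usually means a certificate problem, not a network one.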