Bind ADFS 2.0 service to a specific IP address

Posted by ccellar on Server Fault
Published on 2011-05-25T21:11:06Z Indexed on 2012/12/08 5:09 UTC

I have one server with ADFS-2.0 and a few websites on it. One of the websites is Dynamics CRM which listens on a specific IP address on port 443.

Dynamics CRM provides a metadata file for configuration purposes which could be used to configure a relying party trust with ADFS. It is accessible at the URL

https://auth.contoso.com/FederationMetadata/2007-06/federationmetadata.xml

The problem is that ADFS-2.0 installs a service which registers the following urlacl:

https://+:443/FederationMetadata/2007-06/

This means the result of accessing the URL https://auth.contoso.com/FederationMetadata/2007-06/federationmetadata.xml is the metadata file of ADFS, not the one of Dynamics CRM.

I've tried deleting the default urlacl and adding (one of them at a time)

https://192.168.1.2:443/FederationMetadata/2007-06/

https://adfs.mydomain.com:443/FederationMetadata/2007-06/

but neither of them worked. Instead, the ADFS service failed to start up completely.

Is there any way to bind this service to an IP address? At the moment I see only two alternatives:

  1. Bind the service to a non-standard port. This leads to problems because it means that the ADFS website also has to use a non-standard HTTPS port.

  2. Install ADFS-2.0 on a different server (this is my favorite alternative - however it is not possible in every situation...)
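The clash described in the question, reconstructed as an added example (not code from the post, from ADFS or from Microsoft): a small audit script that parses `netsh http show urlacl` output and applies the HTTP.sys host-element precedence (strong wildcard `+` beats an explicit host name, which beats an IP-bound prefix, which beats the weak wildcard `*`) to show which reservation will capture a given request. The netsh output and account names below are constructed, and the tie-break "longest path wins within one host type" is my assumption about HTTP Server API routing.

```python
import re

# Constructed sample of `netsh http show urlacl` output (illustrative, not the post's server).
SAMPLE_URLACL = """\
    Reserved URL            : https://+:443/FederationMetadata/2007-06/
        User: NT SERVICE\\adfssrv

    Reserved URL            : https://192.168.1.2:443/FederationMetadata/2007-06/
        User: NT AUTHORITY\\NETWORK SERVICE

    Reserved URL            : https://*:443/
        User: BUILTIN\\Administrators
"""
PREFIX_RE = re.compile(r"^(https?)://([^/:]+):(\d+)(/.*)$", re.I)   # reservation prefix
URL_RE = re.compile(r"^(https?)://([^/:]+)(?::(\d+))?(/.*)?$", re.I)  # request URL
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def host_rank(host):
    """HTTP.sys host-element precedence, lower wins: '+', explicit host, IP-bound, '*'."""
    if host == "+":
        return 0
    if host == "*":
        return 3
    return 2 if IPV4_RE.match(host) else 1

def parse_urlacl(text):
    """Extract (Reserved URL, User) pairs from netsh http show urlacl output."""
    entries = []
    for m in re.finditer(r"Reserved URL\s*:\s*(\S+)\s+User:\s*([^\n]+)", text):
        p = PREFIX_RE.match(m.group(1))
        if p:
            entries.append({"scheme": p[1].lower(), "host": p[2].lower(), "port": int(p[3]),
                            "path": p[4].lower(), "user": m.group(2).strip()})
    return entries

def winning_reservation(entries, request_url, resolved_ip=None):
    """Reservation HTTP.sys would route request_url to: host type first, then longest
    matching path prefix. resolved_ip is the local address the request arrived on."""
    u = URL_RE.match(request_url)
    scheme, host = u[1].lower(), u[2].lower()
    port = int(u[3]) if u[3] else (443 if scheme == "https" else 80)
    path = (u[4] or "/").lower()
    cands = []
    for e in entries:
        if e["scheme"] != scheme or e["port"] != port or not path.startswith(e["path"]):
            continue
        rank = host_rank(e["host"])
        if rank == 1 and e["host"] != host:          # explicit host must equal request host
            continue
        if rank == 2 and e["host"] != resolved_ip:   # IP-bound prefix needs the arrival address
            continue
        cands.append((rank, -len(e["path"]), e))
    return min(cands, key=lambda c: c[:2])[2] if cands else None
```

Running it against the sample shows the `+` reservation owned by the ADFS service account winning the CRM metadata URL regardless of which IP the request arrived on; remove that entry and the IP-bound prefix wins only when the request actually arrives on 192.168.1.2.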

© Server Fault or respective owner
