Follow the steps below to configure a VS:

  1. Log in to the relevant VLM.
  2. In the main menu, click Virtual Services and select Add New.

  3. Enter the Virtual Address.
    Note: This is the Virtual IP address used for the service and must be unique and not in use by any other device on the network.
  4. Enter 443 in the Port field.
  5. Enter a name for the VS in the Service Name (Optional) field.
  6. Ensure that tcp is selected as the Protocol.
  7. Click Add this Virtual Service.
  8. Configure the settings as recommended in the following table:

    | Section          | Option            | Value            | Comment |
    |------------------|-------------------|------------------|---------|
    | SSL Properties   | SSL Acceleration  | Enabled          |         |
    |                  | Cipher Set        | Default          |         |
    |                  | Reencrypt         | Enabled          | Set the Reencryption SNI Hostname if required. ADFS 3.0 requires the Reencryption SNI Hostname to be set. |
    | Standard Options | Persistence Mode  | Super HTTP       |         |
    |                  | Timeout           | 1 Hour           |         |
    |                  | Scheduling Method | least connection |         |

    ESP can be enabled if an ESP license is in place. For more information on ESP, refer to the ESP, Feature Description.

  9. Expand the Real Servers section.
  10. In the first Real Server Check Parameters field, select HTTPS Protocol.
  11. Enter /federationmetadata/2007-06/federationmetadata.xml in the URL text box and click the Set URL button.
  12. Select the Use HTTP/1.1 check box.
  13. Select GET as the HTTP Method.
  14. Click the Add New… button.
  15. Enter the IP address of the server to be added to the real server pool. Click Add This Real Server. A success message will be displayed after adding. Click OK. Repeat this for any other real servers that need to be added.
  16. In the main menu, click Certificates & Security and select SSL Certificates.
  17. Locate the certificate that was added earlier. In the Available VSs field, select the Virtual Service that has just been added and click the right arrow button to assign it.
  18. In the main menu, click Virtual Services and select View/Modify Services.
  19. Confirm that the service is listed with a Status of Up and that all added member servers are listed in non-bold font.
  20. Test access to the AD FS Internal Farm by opening a browser and going to https://<AD FS URL>/ADFS/ls/idpinitiatedsignon.aspx and following the instructions to log in.
  21. Once all other Microsoft-defined AD FS prerequisites and application configurations are complete, test access to the application to ensure authentication success. To do this, open a browser and go to https://owAD FS/<AD FS URL>/owa.

A successful login will result in access to the protected application.

Note: Login experience is dependent upon the parameters set in the web.config file located on the AD FS servers.
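
If a real server shows as down in step 19, the health check from steps 10 to 13 can be reproduced directly against that server, including the SNI hostname that the Reencrypt comment says ADFS 3.0 requires. The following is an added example, not part of the original procedure or vendor code; the hostname `sts.example.test`, the function names, the `EntityDescriptor` body check and the sample responses are assumptions made for illustration.

```python
import socket
import ssl

# Health-check path from step 11 of the procedure.
CHECK_PATH = "/federationmetadata/2007-06/federationmetadata.xml"


def build_request(sni_host):
    """HTTP/1.1 GET matching steps 12-13 (HTTP/1.1 requires a Host header)."""
    return (f"GET {CHECK_PATH} HTTP/1.1\r\n"
            f"Host: {sni_host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def evaluate(raw):
    """Return (healthy, reason) for a raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        return False, "not an HTTP response"
    if parts[1] != "200":
        return False, f"status {parts[1]}"
    # Extra check (assumption): a metadata document contains EntityDescriptor.
    if b"EntityDescriptor" not in body:
        return False, "200 but body is not federation metadata"
    return True, "ok"


def probe(server_ip, sni_host, cafile=None, timeout=5.0):
    """Connect to one real server by IP, sending sni_host as the TLS SNI name."""
    ctx = ssl.create_default_context(cafile=cafile)  # certificate is verified
    with socket.create_connection((server_ip, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_host) as tls:
            tls.sendall(build_request(sni_host))
            raw = b"".join(iter(lambda: tls.recv(4096), b""))
    return evaluate(raw)


# Constructed sample responses (not captured from a real AD FS server).
SAMPLE_OK = (b"HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\n\r\n"
             b'<EntityDescriptor entityID="http://sts.example.test/adfs/services/trust"/>')
SAMPLE_503 = b"HTTP/1.1 503 Service Unavailable\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(evaluate(SAMPLE_OK), evaluate(SAMPLE_503))
```

Call `probe("<real server IP>", "<AD FS URL>", cafile="<internal CA bundle>")` for each pool member; a TLS or certificate error raised here, before any HTTP status is returned, points at the SNI or certificate configuration rather than the AD FS service itself.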