VMware Workspace ONE Community
Hocshop
VMware Employee

External redirection to IDM Connector IP address?

Hi all,

I have an environment where I have IDM appliances in a DMZ connected with IDM Connectors in the internal network.

I have not set the IDM Connectors in Outbound Only mode yet (and I wonder if that would fix the issue).

I created a directory to connect to AD using one of the internal IDM Connectors.

However, when I enter the IDM portal from outside the network, select the domain (to be able to log in as an AD user), and then click Next, there is a redirection to a URL that begins with the IDM Connector's FQDN.

For me it is obvious that external connections should not see the IDM Connectors as they are in the internal network.

So I don't know why a redirection is happening or how to fix the issue, as we cannot publish the IDM Connectors publicly.

Does anyone know why this might be happening and/or how to fix it?

Regards

Mark


Accepted Solutions
Hocshop
VMware Employee

Hi all,

I found out why this was happening.

The redirection is correct; however, the environment is missing a few things to make it work:

Internet access (outbound only) for the IDM Connectors

Public FQDNs for the IDM Connectors

(Load Balancers at each site for the external IDM Connector FQDNs)

I understand that after the creation of the above, I need to change the IdP hostname defined for the IDM Connectors to the local FQDN of the Load balancers (which are for the IDM Connectors).

Then the redirection will work as expected.

I hope that helps someone else.

Regards
