Directory Programming .NET

Active Directory and ADAM programming support for .NET developers

Is it mandatory to have SSL enabled on the website hosting applications which are ADFS enabled?

Last post 07-07-2009, 7:14 AM by paullem. 5 replies.
  •  06-30-2009, 8:47 PM 6766

    Is it mandatory to have SSL enabled on the website hosting applications which are ADFS enabled?

    In my scenario I would like to have a load balancer/firewall combination handle the https request and from there on the request to the web server is pure http. Will this work?

  •  06-30-2009, 8:53 PM 6767 in reply to 6766

    Re: Is it mandatory to have SSL enabled on the website hosting applications which are ADFS enabled?

    SSL required end-to-end in the current version.

    I believe they're considering allowing http in certain scenarios (instead of https) in Geneva, but this isn't set in stone.
  •  07-01-2009, 11:00 AM 6773 in reply to 6767

    Re: Is it mandatory to have SSL enabled on the website hosting applications which are ADFS enabled?

    I originally thought that you had to have SSL end to end as well and that the agent and fed server actually checked for this in code, but I think I heard from one of the other forum participants that you can actually get this to work with SSL termination at the load balancer.  You'll need SSL on the web servers themselves when you do the initial install but I think it does still work if you turn it off.

    Please remember that from a protocol requirements perspective, fed passive (what ADFS uses) REQUIRES SSL for security because the SAML tokens that are used do not have proof of possession qualities and are subject to replay attacks otherwise.  As such, if you do not have SSL at some point in the chain, you need to be absolutely certain that the network segment where plain HTTP is used is totally secure.
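    The replay point above, as an added example that is not part of this thread or of ADFS: a small model of the relying-party side that refuses a bearer assertion unless it arrived over a TLS-protected hop (trusting X-Forwarded-Proto only from the load balancer that terminates SSL) and rejects a second presentation of the same assertion ID inside its validity window. The proxy address, request shape and assertion fields are constructed for the demo.

```python
import time
from dataclasses import dataclass

# Constructed: the load balancer that terminates TLS in front of the web server.
TRUSTED_PROXIES = {"10.0.0.5"}


@dataclass
class Request:
    remote_addr: str   # peer that connected to the web server
    scheme: str        # scheme the web server itself saw (http or https)
    headers: dict
    assertion: dict    # stand-in for a parsed SAML bearer assertion


class BearerTokenGuard:
    """Hypothetical relying-party checks for a bearer (no proof-of-possession) token."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.seen = {}  # assertion ID -> NotOnOrAfter, the replay cache

    def transport_protected(self, req):
        if req.scheme == "https":
            return True
        # TLS terminated upstream: believe X-Forwarded-Proto only when the
        # connection comes from a proxy we trust, or any client could forge it.
        return (req.remote_addr in TRUSTED_PROXIES
                and req.headers.get("X-Forwarded-Proto", "").lower() == "https")

    def accept(self, req):
        now = self.clock()
        self.seen = {i: t for i, t in self.seen.items() if t > now}  # drop expired IDs
        if not self.transport_protected(req):
            return "reject: bearer token received over unprotected HTTP"
        a = req.assertion
        if not (a["NotBefore"] <= now < a["NotOnOrAfter"]):
            return "reject: assertion outside its validity window"
        if a["ID"] in self.seen:
            return "reject: replayed assertion"
        self.seen[a["ID"]] = a["NotOnOrAfter"]
        return "accept"


def demo():
    """Run constructed requests through the guard and return the decisions."""
    clock = [1000.0]
    guard = BearerTokenGuard(clock=lambda: clock[0])
    a = {"ID": "_constructed-assertion-1", "NotBefore": 990.0, "NotOnOrAfter": 1300.0}
    via_lb = Request("10.0.0.5", "http", {"X-Forwarded-Proto": "https"}, a)
    forged = Request("203.0.113.9", "http", {"X-Forwarded-Proto": "https"}, a)
    plain = Request("10.0.0.5", "http", {}, a)
    results = [guard.accept(via_lb), guard.accept(via_lb), guard.accept(forged), guard.accept(plain)]
    clock[0] = 1400.0  # past NotOnOrAfter: replay entry is purged, but the token has expired
    results.append(guard.accept(via_lb))
    return results
```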

  •  07-02-2009, 4:27 PM 6778 in reply to 6773

    Re: Is it mandatory to have SSL enabled on the website hosting applications which are ADFS enabled?

    Interesting. Must be like the little birdie who told me you could drop the FS-R out to a workgroup after the install and it would still work, if you were in one of those configurations where you stood up an AD domain for the sole purpose of joining the FS-R -to it-.
  •  07-02-2009, 9:35 PM 6779 in reply to 6778

    Re: Is it mandatory to have SSL enabled on the website hosting applications which are ADFS enabled?

    Ah, that's a neat trick.  :)  Next time someone complains to me about that "requirement", I'll pass that along. 
  •  07-07-2009, 7:14 AM 6783 in reply to 6779

    Re: Is it mandatory to have SSL enabled on the website hosting applications which are ADFS enabled?

    Interesting. Would we be talking with the same birdie? Or is there already a whole family of those birdies?
    My birdie told me that his (workgroup) FS-R has ADAM. And that you need to make sure that the pool account on the WEB server exists with the same uid/pwd in both (web and FS-R) machines.....

    It is a very interesting option indeed, but I am not sure if I would recommend anyone doing this (without a lot of thought). There are many, many factors involved.