I had the same issue/question for few weeks - Configure HSTS for AD FS
There is no way to modify the behavior. Work as designed by microsoft.
HSTS on ADFS
BRYAN BURNETT
16
Reputation points
We're running ADFS on Windows Server 2019, with the appropriate headers enabled. Much like this prior question, we need to have ADFS return a header, showing HSTS enabled, rather than a 404, if the root is called -- i.e., https://adfs.url.com. HSTS shows as enabled for a valid endpoint, such as https://adfs.url.com/adfs/ls/IdpInitiatedSignon.aspx, but our vulnerability auditors insist on calling the root. Any ideas?
1 answer
Sort by: Most helpful
-
9704244848 186 Reputation points
2020-09-24T16:42:37.317+00:00