Hi all IT have asked about moving our IdP onto an internal IP address (currently it's in our DMZ), and protecting external access via Forefront Threat Management Gateway (newer servers are setup that same way, but so far all Windows ones) as part of migrating to AD. Has anyone tried this and got it working, as I'm sceptical that it'll work - I think that SPs needs to connect directly to IdP for attributes, and something saying "you're not logged in so I won't allow that connection yet" would stop that working? Thanks, Dave ________________________________ David Perry eLearning Technologist (L34 - Library) Hull College Group Wilberforce Drive, Queen's Gardens, Hull HU1 3DG Extension 2230 / Direct Dial 01482 381930 Message scanned ********************************************************************** This message is sent in confidence for the addressee only. It may contain confidential or sensitive information. The contents are not to be disclosed to anyone other than the addressee. Unauthorised recipients are requested to preserve this confidentiality and to advise us of any errors in transmission. Any views expressed in this message are solely the views of the individual and do not represent the views of the College. Nothing in this message should be construed as creating a contract. Hull College owns the email infrastructure, including the contents. Hull College is committed to sustainability, please reflect before printing this email. **********************************************************************