In Identity Broker 5.X, if services on other servers need to contact Identity Broker, you have to supply the server's IP address. I have the following questions:
a) The UI does not allow me to enter another server's IP address; if I do this I get a message stating the IP is not valid in the current context. This is good. What happens, however, if the server's IP address were to be changed? Will Identity Broker pick this up and compensate when it's next restarted, will it fail to start, or will something else happen?
b) Is there any reason this field can't take in the fully qualified domain name of the server? The FIM Administrators aren't likely to be network administrators, so ideally they could configure services with a higher level of granularity than an IP address (which they don't manage). 127.0.0.1 is OK for localhost as it's universal; anything else might cause issues based on the behaviour in question A.
c) As an extension of part b, could the field be removed outright? If traffic is to be restricted to localhost, firewall rules could be used on the assigned port.
Update documentation to let users know that IdB can be bound to any IP.
- Make the any IP easier to configure on the UI
- Consider offering ability to select the IP (or preferably the network adapter) (keep in mind this should come from the server and not studio)