How to install and configure Web Application Proxy for use with Active Directory Federation Services (AD FS)

Article: 100038707
Last Published: 2016-03-18
Product(s): Enterprise Vault

Description

Web Application Proxy (WAP) provides reverse proxy functionality for web applications within a corporate network. WAP works in conjunction with Active Directory Federation Services (AD FS), a Microsoft application that provides users with single sign-on access to systems and applications located across organizational boundaries. AD FS uses a claims-based access-control authorization model to maintain application security and implement federated identity.

Prerequisites:

One or more certificates must be installed on the Web Application Proxy Server. 
1. A certificate must be installed on the WAP server for AD FS to utilize. See related articles for more information on the installation and configuration of Active Directory Federation Services (AD FS).
2. Certificate(s) must be installed on the WAP server for all published URLs when SSL is to be used.
3. The Web Application Proxy (WAP) server must be configured to act as a delegate for backend servers that will use AD FS as their pre-authentication method.
 - Open Active Directory Users and Computers
 - Open the properties of the Web Application Proxy computer object
 - Select the Delegation tab
 - Add the backend server with Service Type (HTTP) and choose 'Trust this computer for delegation to specified services only - Use any authentication protocol'



To install Web Application Proxy (WAP)


1. Open the Windows Server 2012 R2 Add Roles and Features Wizard and select the Web Application Proxy server role.



2. Complete the wizard to install the Web Application Proxy role.
3. If WAP is to be used to allow external access to internal resources, SSL will likely be configured. In that case, certificates must be installed on the Web Application Proxy server.
4. Once the installation is complete, access WAP by launching the Remote Access Management console.




5. Select Web Application Proxy in the left pane and then click Run the Web Application Proxy configuration wizard.
6. Enter the Federation service name. Enter local Administrator credentials for the Federation servers. See related articles for more information on the installation and configuration of Active Directory Federation Services (AD FS).
Note: If the FQDN of the AD FS farm does not resolve to the correct IP Address from the Web Application Proxy server, a HOSTS file entry can be used.



7. Select an appropriate certificate to be used by the AD FS proxy. 



8. Select Configure to apply the settings and then Close to complete.



9. Once WAP is configured, select Publish to add a URL.



10. Select Active Directory Federation Services (AD FS). See related articles for more information on the installation and configuration of Active Directory Federation Services (AD FS).
Note: If Pass-through is selected, the backend server is responsible for performing authentication.



11. Configure the appropriate publishing settings by adding the external URL, external certificate, backend server URL and backend SPN. Select Next to continue and complete the process of publishing the URL. 
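
The prerequisite delegation setting and the wizard steps above can also be scripted with the Windows Server 2012 R2 ActiveDirectory and Remote Access PowerShell cmdlets. This is an added example, not part of the original article; the computer account name, host names, SPN, relying party trust name and the Get-UsableCertificate helper are placeholder assumptions.

```powershell
# Added example. All names below are placeholders, not values from the article.
$WapComputer  = 'WAP01'                           # WAP server computer account (assumed)
$FsName       = 'fs.example.com'                  # Federation service name (step 6)
$ExternalUrl  = 'https://vault.example.com/'      # Published external URL (step 11)
$BackendUrl   = 'https://vault.example.com/'      # Backend server URL (step 11)
$BackendSpn   = 'HTTP/evserver.corp.example.com'  # Backend SPN (step 11)
$RelyingParty = 'Enterprise Vault'                # AD FS relying party trust name (assumed)

function Get-UsableCertificate([string]$DnsName) {
    # Newest unexpired machine certificate with a private key that lists $DnsName.
    # Exact-name match only; a wildcard certificate needs its own selection rule.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
                       $_.DnsNameList.Unicode -contains $DnsName } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw "No usable certificate for $DnsName in LocalMachine\My" }
    $cert
}

# Prerequisite 3: constrained delegation with protocol transition
# ("Use any authentication protocol"). Requires the ActiveDirectory module.
Set-ADComputer -Identity $WapComputer -Add @{ 'msDS-AllowedToDelegateTo' = $BackendSpn }
Get-ADComputer -Identity $WapComputer | Set-ADAccountControl -TrustedToAuthForDelegation $true

# Steps 1-2: install the role on the WAP server.
Install-WindowsFeature Web-Application-Proxy -IncludeManagementTools

# Steps 5-8: connect the proxy to the AD FS farm; prompts for the credentials from step 6.
Install-WebApplicationProxy -FederationServiceName $FsName `
    -FederationServiceTrustCredential (Get-Credential) `
    -CertificateThumbprint (Get-UsableCertificate $FsName).Thumbprint

# Steps 9-11: publish the URL with AD FS pre-authentication.
$externalHost = ([uri]$ExternalUrl).Host
Add-WebApplicationProxyApplication -Name 'Enterprise Vault' `
    -ExternalPreauthentication ADFS -ADFSRelyingPartyName $RelyingParty `
    -ExternalUrl $ExternalUrl `
    -ExternalCertificateThumbprint (Get-UsableCertificate $externalHost).Thumbprint `
    -BackendServerUrl $BackendUrl -BackendServerAuthenticationSPN $BackendSpn

# Review what was published and confirm pre-authentication is ADFS, not PassThrough.
Get-WebApplicationProxyApplication |
    Format-List Name, ExternalUrl, ExternalPreauthentication, BackendServerAuthenticationSPN
```

The certificate helper stops the script before any configuration change if the selected store has no unexpired certificate with a private key for the requested name.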