Web Application Proxy – Pre-authentication feature

This article talk about Web Application Proxy but only on Windows Server 2012 R2, please review TechNet pages for other version.

ADFS Pre-authentication

  1. User access to a proxyfied application
  2. The web proxy contact ADFS to check Relying Part trust rules
  3. ADFS Server send back the validation
  4. The Web Application Proxy ask on behalf of the user to KDC a Kerberos Ticket
  5. The KDC sent back a Kerberos ticket if the user was validated
  6. The WAP forward the Kerberos Ticket to the web application
  7. The web server verify the Kerberos token and send the web page
  8. Proxy Forward the http flow to the user

Continue reading