{"id":38,"date":"2015-01-30T18:10:05","date_gmt":"2015-01-30T18:10:05","guid":{"rendered":"http:\/\/172.23.1.43\/?p=38"},"modified":"2022-06-07T22:26:30","modified_gmt":"2022-06-07T22:26:30","slug":"web-application-proxy-pre-authentication-feature","status":"publish","type":"post","link":"https:\/\/blog.n-dol.org\/2015\/01\/30\/web-application-proxy-pre-authentication-feature\/","title":{"rendered":"Web Application Proxy \u2013 Pre-authentication feature"},"content":{"rendered":"\n
This article covers Web Application Proxy on Windows Server 2012 R2 only; please review the TechNet pages for other versions.<\/p>\n\n\n\n
To use pre-authentication, you need to add a Non-Claims-Aware application relying party trust.<\/p>\n\n\n\n
To do that:<\/p>\n\n\n\n
For Kerberos Delegation, you have to add some SPNs and configure Kerberos Delegation on the Web Application Proxy Active Directory account. N.B.: <\/strong><\/em>Once the application is configured to use Kerberos, users can still authenticate and use the application with the internal application name.<\/p>\n\n\n\n You need to add an SPN of type HTTP on the Active Directory account that runs the web application (machine account or service account) with the internal URL; you can use the machine name as the URL.<\/p>\n\n\n\n Example: This article talks about Web Application Proxy but only on Windows Server 2012 R2, please review TechNet pages for other…<\/p>\n","protected":false},"author":5614970,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2478882,39106140,159543117],"tags":[672890818,672890819,672890817],"_links":{"self":[{"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/posts\/38"}],"collection":[{"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/users\/5614970"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/comments?post=38"}],"version-history":[{"count":8,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/posts\/38\/revisions"}],"predecessor-version":[{"id":758,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/posts\/38\/revisions\/758"}],"wp:attachment":[{"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/media?parent=38"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/categories?post=38"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/tags?post=38"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/span><\/p>\n\n\n\nAdd SPN<\/h2>\n\n\n\n
HTTP\/myinternalapplication.mydomain.tld<\/code><\/p>\n\n\n\n
Configure Kerberos Delegation<\/h2>\n\n\n\n
Web Application Proxy Configuration<\/h1>\n\n\n\n
\n