locked
Pre-authenticate Static HTML Site RRS feed

  • Question

  • I was under the impression that it was possible to pre-authenticate, via WAP and ADFS, almost any site by using the non-claims-aware relying trust party, in this case a static html site.  Is it possible or was I hallucinating?  If it is possible, can someone point me in the right direction?

    Thanks.


    • Edited by Silent-Knight Friday, June 17, 2016 7:23 PM clarification
    Friday, June 17, 2016 7:19 PM

All replies

  • If by static HTML site, you mean a website with no authentication. Like an anonymous web page, then you can just publish a pass-through application with WAP: https://technet.microsoft.com/en-us/library/dn383639(v=ws.11).aspx

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, June 20, 2016 12:24 AM
  • Pierre,

    Thank you for your response.  What we are trying to attempt is to pre-authenticate the user prior to allowing them to access a site that contains static content. Since the content is HTML, PDF, documents, etc. the site will not be claims aware.  I thought it was possible to secure the content using adfs and / or a Web Application Proxy.  Is this an incorrect assumption?

    Monday, June 20, 2016 12:43 PM
  • It is somewhat :)

    ADFS Pre-Authentication is design for 2 scenario:

    1. My application is claim aware.
    2. My application is not claim aware BUT my application is using Windows Integrated Auth (Kerberos).

    If you case you have an anonymous app on prem that you wish to publish with pre-auth. You are bullet point 3. So to the question are you supposed to be able to do it with ADFS/WAP, the answer is no. But to the question can you do it anyways? The answer is yes :) You can trick the system... Follow those steps:

    1. In ADFS, create a dummy RP. Let's call it urn:my:intranet. Go for a manual config and just configure a dummy id like I suggested.
    2. In WAP, create a publication for this dummy RP. Select the dummy RP, and specify the arbitrary URIes you want.

    Does this help?


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, June 20, 2016 2:08 PM
  • I assume the RP is a claims aware RP?
    Monday, June 20, 2016 2:18 PM