locked
WAP Alternatives with ADFS 3.0 RRS feed

  • Question

  • I have just setup a ADFS 3.0 server internally and it tests fine.

    Now i want to make it available externally.

    Can anyone tell me if I have to use a Web Application Proxy on a windows server?

    Could i use maybe HAProxy or something simliar.

    If i can use something other than WAP. What connection details would i need to know?

    I work for a small company and want to try to minimize MS license usage.

    Advise would be appreciated.

    Wednesday, November 25, 2015 9:40 PM

Answers

  • The deployment of the WAP is not compulsory. It is an easy way to enable extranet authentication. Besides it also enable you to affect different authentication policy for intranet and extranet users (for example: form based for extranet, Windows Integrated Authentication for intranet, or trigger multi factor authentication for certain users when they are connected externally but still have a seamless SSO when the same users are connected on premises).

    Note that if budget is an issue here, I invite you to look at the pricing model of the different proxy/load balancers in the market. They are generally not cheap at all...

    In order to fully replace an ADFS proxy, the alternate solution has the implement all the specifications described here:

    You can ask the vendor about it if you have doubt.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    • Marked as answer by Energizer_Bat Friday, December 4, 2015 7:10 PM
    Wednesday, November 25, 2015 10:26 PM

All replies

  • The deployment of the WAP is not compulsory. It is an easy way to enable extranet authentication. Besides it also enable you to affect different authentication policy for intranet and extranet users (for example: form based for extranet, Windows Integrated Authentication for intranet, or trigger multi factor authentication for certain users when they are connected externally but still have a seamless SSO when the same users are connected on premises).

    Note that if budget is an issue here, I invite you to look at the pricing model of the different proxy/load balancers in the market. They are generally not cheap at all...

    In order to fully replace an ADFS proxy, the alternate solution has the implement all the specifications described here:

    You can ask the vendor about it if you have doubt.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    • Marked as answer by Energizer_Bat Friday, December 4, 2015 7:10 PM
    Wednesday, November 25, 2015 10:26 PM
  • Did this help? Let us know!

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    • Marked as answer by Energizer_Bat Friday, December 4, 2015 7:09 PM
    • Unmarked as answer by Energizer_Bat Friday, December 4, 2015 7:10 PM
    Friday, December 4, 2015 3:16 PM
  • Sorry, was busy working on this an forgot to reply.

    This did help. We decided that deploying the WAP was the only real way to proceed.

    Thanks for your help.

    Friday, December 4, 2015 7:09 PM