locked
Access Control Policies not working with WAP RRS feed

  • Question

  • Hello,

    I'm facing the issue, that my configured Access Control Policies are not working when pre-authentication must be done from external via Web Application Proxy.

    I tested the Access Control Policies from the internal network with a direct authentication to the ADFS server itself and they are working fine. But when testing from external via WAP, these Access Control Policies seem to be ignored completely.

    Does anyone know anything?

    Thanks.

    Best regards
    Alex


    Regards Alex

    Friday, May 24, 2019 1:34 PM

Answers

  • How did you publish RDS? If you did it using a "fake" claim-aware relying party trust, then access rules aren't not honored because you don't actually evaluate them, you do not issue a token for the app.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.


    Wednesday, May 29, 2019 9:01 PM

All replies

  • What policy is particular are not working? Do you have an example? 

    Are those Pre-Auth for ADFS RP at all?


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.


    Monday, May 27, 2019 2:02 PM
  • Well, I did some further tests:

    The same access control policy is working with another relying party trust that is publishisng a test website.

    Policy: Permit users from security group.

    But this access control policy is not working for another one, where RDS is published through WAP.


    Regards Alex

    Tuesday, May 28, 2019 7:04 AM
  • How did you publish RDS? If you did it using a "fake" claim-aware relying party trust, then access rules aren't not honored because you don't actually evaluate them, you do not issue a token for the app.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.


    Wednesday, May 29, 2019 9:01 PM
  • All right, that’s what we did. Do you know, if there is any different way to publish RDS?

    Regards Alex

    Thursday, May 30, 2019 8:32 AM