locked
Web Application Proxy traffic sizing RRS feed

  • Question

  • I am implementing MFA on our SharePoint. One way is to use ADFS and WAP.

    To change the SharePoint farm as less as possible, I planned to using WAP to publishing the SharePoint site, so that all I need to do on the SharePoint farm is to enable Kerberos authentication.

    So my question is:

    Is the WAP also act as a reverse proxy for the SharePoint site and all traffic will be handled by the WAP server? There will be a fortiweb to do HTTPS inspection in front of everything.

    Thanks!

    Monday, June 6, 2016 1:07 AM

All replies

  • Yes, if you publish SharePoint as a non claim aware app, all the trafic will have to go through your WAP.

    About SSL termination,  be aware of the following limitations:

    "SSL Termination between Client and Web Application Proxy / AD FS Proxy

    This scenario is a little less clear although strictly speaking from a product perspective the answer is No. The reason for this is that some product features will break if you terminate SSL in front of Web Application Proxy server. Specifically the following features will not work:-

    –    Workplace Join / Device Registration
    –    Client SSL Certificate authentication"

    https://blogs.technet.microsoft.com/applicationproxyblog/2014/07/04/ssl-termination-with-web-application-proxy-and-ad-fs-2012-r2/


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, June 6, 2016 2:03 PM