1.  System Deploy

  • ADFS: th-adfs2012.mfalab3.com
  • ADFS WAP: th-adfs2012wap.mfalab3.com
  • RDWeb: th-rds.mfalab3.com

A public IP for ADFS WAP points to ADFS/RDS as well.



2.  Setting on ADFS

Create a Relying Parth Trust.



3.  Setting on ADFS WAP

Create WAP Application.

Add-WebApplicationProxyApplication -Name 'rdweb' -ExternalUrl 'https://th-rds.mfalab3.com/rdweb/' -BackendServerURL 'https://th-rds.mfalab3.com/rdweb/' -ExternalPreAuthentication ADFS -ADFSRelyingPartyName rdweb1 -ExternalCertificateThumbprint '67D438BDDBB455E53CA83D6F5DEC34CC546F711A'


4. Setting on RDS.

Important: Change authentication method to “Windows”.



5.  Setting on the Client Computers


6. See how it works