1.  System Deployment


  • ADFS: th-adfs2012.mfalab3.com
  • ADFS WAP: th-adfs2012wap.mfalab3.com
  • RDWeb: th-rds.mfalab3.com

A public IP for ADFS WAP points to ADFS/RDS as well.

  

 

2.  Setting on ADFS


Create a Relying Party Trust.

 

 

3.  Setting on ADFS WAP


Create WAP Application.

Add-WebApplicationProxyApplication -Name 'rdweb' -ExternalUrl 'https://th-rds.mfalab3.com/rdweb/' -BackendServerURL 'https://th-rds.mfalab3.com/rdweb/' -ExternalPreAuthentication ADFS -ADFSRelyingPartyName rdweb1 -ExternalCertificateThumbprint '67D438BDDBB455E53CA83D6F5DEC34CC546F711A'
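The check below is an added example, not part of the original walkthrough. Run on the WAP server, it compares the published 'rdweb' application with the values in the command above and confirms that the external certificate is installed, has a private key and is not close to expiry. The function name and the 30-day expiry window are assumptions.

```powershell
# Added example (not from the original walkthrough). Run elevated on the WAP server.
# Expected values are copied from the Add-WebApplicationProxyApplication command above.
$expected = @{
    Name                          = 'rdweb'
    ExternalUrl                   = 'https://th-rds.mfalab3.com/rdweb/'
    BackendServerUrl              = 'https://th-rds.mfalab3.com/rdweb/'
    ExternalPreauthentication     = 'ADFS'
    ADFSRelyingPartyName          = 'rdweb1'
    ExternalCertificateThumbprint = '67D438BDDBB455E53CA83D6F5DEC34CC546F711A'
}

# Hypothetical helper name; emits one string per deviation it finds.
function Get-RdwebPublicationFinding {
    param([hashtable]$Expected, [int]$ExpiryWarningDays = 30)

    $apps = @(Get-WebApplicationProxyApplication -Name $Expected.Name -ErrorAction SilentlyContinue)
    if ($apps.Count -eq 0) {
        "No WAP application named '$($Expected.Name)' is published"
        return
    }
    foreach ($app in $apps) {
        # A mismatch on ExternalPreauthentication matters most: any value other
        # than ADFS means requests are not pre-authenticated by AD FS as configured here.
        foreach ($key in $Expected.Keys) {
            $actual = [string]$app.$key
            if ($actual -ne $Expected[$key]) {
                "$key is '$actual', expected '$($Expected[$key])'"
            }
        }
    }

    # The external certificate must be in the machine store with its private key.
    $thumb = $Expected.ExternalCertificateThumbprint
    $cert  = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
    if (-not $cert) {
        "Certificate $thumb not found in Cert:\LocalMachine\My"
    } else {
        if (-not $cert.HasPrivateKey) { "Certificate $thumb has no private key" }
        if ($cert.NotAfter -lt (Get-Date).AddDays($ExpiryWarningDays)) {
            "Certificate $thumb expires on $($cert.NotAfter.ToString('yyyy-MM-dd'))"
        }
    }
}

$findings = @(Get-RdwebPublicationFinding -Expected $expected)
if ($findings.Count -eq 0) { 'WAP publication matches the documented settings.' }
else { $findings | ForEach-Object { Write-Warning $_ } }
```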

 

4.  Setting on RDS


Important: Change authentication method to “Windows”.

https://social.technet.microsoft.com/Forums/office/en-US/999f56fa-a218-41b0-86ee-2845269d93ef/rdweb-authentication?forum=winserverTS

 

5.  Setting on the Client Computers


               

6. See how it works