Web Application Proxy (WAP) is a role service of the Remote Access server role in Windows Server 2012 R2. WAP provides reverse proxy functionality for web applications inside your corporate network, allowing users on any device to access those applications from outside the corporate network. WAP pre-authenticates access to web applications by using Active Directory Federation Services (AD FS), and also functions as an AD FS proxy.
- The Web Application Proxy server should be deployed in the DMZ network.
- Port 443 must be open between the WAP and ADFS servers, and from the internet to the WAP server.
- A certificate from a trusted CA (for production use)
Install Web Application Proxy server role
Here is how to add the WAP role:
I am changing the source to my DVD drive, where the WS2012R2 ISO is mounted.
Create a Web Application Proxy service account, webapproxy_svc, and add it to the local Administrators group on your ADFS server:
Edit Hosts file on WAP
To edit the hosts file on the WAP server, open Notepad as Administrator, browse to C:\Windows\System32\drivers\etc\ and open the hosts file.
Add one line for your ADFS server:
Importing a trusted certificate into the WAP server
WAP needs a certificate. I am using a wildcard certificate from GoDaddy; here are the steps to import it from a .pfx file:
Do not forget to import the root certificates into Trusted Root Certification Authorities, or into Intermediate Certification Authorities for intermediate certificates.
Configuration of Web Application Proxy
WAP is now configured and working.
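The same steps as a PowerShell sequence run on the WAP server, with checks on port 443 and on the certificate chain before the proxy is configured. This is an added example, not part of the original post; the host name, IP address, file paths and domain name are placeholders, and only the account name webapproxy_svc comes from the text.

```powershell
# Added example. Every value in this block is a placeholder (assumption).
$AdfsFqdn  = 'adfs.example.com'        # federation service name
$AdfsIp    = '192.0.2.10'              # internal address of the ADFS server
$PfxPath   = 'C:\certs\wildcard.pfx'   # exported certificate with private key
$SxsSource = 'D:\sources\sxs'          # mounted WS2012R2 ISO

# 1. Install the role service, using the mounted media as the source.
Install-WindowsFeature -Name Web-Application-Proxy -IncludeManagementTools -Source $SxsSource

# 2. Add the ADFS entry to the hosts file only if it is not already present.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (-not (Select-String -Path $hosts -Pattern ([regex]::Escape($AdfsFqdn)) -Quiet)) {
    Add-Content -Path $hosts -Value "$AdfsIp`t$AdfsFqdn"
}

# 3. Confirm the DMZ firewall allows 443 from WAP to ADFS.
$probe = Test-NetConnection -ComputerName $AdfsFqdn -Port 443
if (-not $probe.TcpTestSucceeded) {
    throw "Cannot reach ${AdfsFqdn}:443 from the WAP server."
}

# 4. Import the PFX into the machine store. The password is prompted for
#    so that it never appears in the script or in command history.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$cert = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

# 5. Refuse to continue with a certificate that has no private key, or whose
#    chain does not validate for the federation name (this fails when the
#    root or intermediate certificates were not imported).
if (-not $cert.HasPrivateKey) { throw 'Imported certificate has no private key.' }
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $AdfsFqdn)) {
    throw "Certificate chain or name check failed for $AdfsFqdn."
}

# 6. Establish the proxy trust with ADFS using the service account.
$trustCred = Get-Credential -Credential 'EXAMPLE\webapproxy_svc'
Install-WebApplicationProxy -FederationServiceName $AdfsFqdn `
    -FederationServiceTrustCredential $trustCred `
    -CertificateThumbprint $cert.Thumbprint

# 7. Review the resulting configuration and component health.
Get-WebApplicationProxyConfiguration
Get-WebApplicationProxyHealth
```

The credential is used only to establish the trust; WAP then authenticates to ADFS with a proxy trust certificate.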