Server 2016 WAP a possible TMG replacement?

-

i started reading on web application proxy role on new server 2016 tp. bunch of our servers still running on server 2008 r2, want think moving our servers. biggest let down seems discussed heavily on internet replacing tmg.

funny part have tmg in our dmz zone behind our edge firewall (being couple palo alto next gen firewalls) have need..... except sad sad news pans don't reverse proxy... great utm! (besides amazing devices!)

so doing heavy research ad fs , wap whole. managed ad fs configured part on 2012 r2 dc in test enviroment, i've got of certs figured out, , dns , network location figured out, , test external users via replicated dmz zone (anything beyond nated public ip dmz ip).

currently our "pre-auth" http -> https redirected page pointing forums based auth webpage users enter user name , password , authenticated  via our other segregated domain (which has required trusts our internal corporate domain). ones authenticated our external based sharepoint site. segregated fe server sit behind tmg, , pans.

reading claims based , windows based auth wap... 

i don't how users providing creds in between steps 1 , 2.

" 1)the client attempts access claims-based application using web browser; example, https://appserver.contoso.com/claimapp/.

2)the web browser sends https request web application proxy server redirects request ad fs server."

since have no plans create actual partner ship trusts these users, happen work own companies , authenicated on remote systems in multiple ways (could be a domain based account, lcoal windows account, guest windows system, hecks user running ubuntu accessing our webpage).

so question is exactly how users authenticated when accessing our website, if i'm attempting use server 2016 wap's role?

is possible replacement for current setup, or going on head attempting to implement ad fs no plans federation?

hi,

>>so question is exactly how users authenticated when accessing our website, if i'm attempting use server 2016 wap's role?

users should asked credentials , credential authenticated adfs.

for question how adfs perform authentication, here article:

http://download.microsoft.com/download/0/4/a/04acf0b3-4b39-4dd1-86b5-ff0a6c110e9b/active_directory_federation_services.pptx

best regards,

steven lee please remember mark replies answers if , unmark them if provide no help. if have feedback technet support, contact tnmff@microsoft.com.



Windows Server  >  Management



Comments

Post a Comment

Popular posts from this blog

Motherboard replacement

-
running windows 10 technical preview, need replace motherboard can run the  sysprep  command restoring pc ? or there easier  or more preferred way ? thanks if replace motherboard within same family of chipsets (i.e. intel > intel or amd > amd), should okay restarting pc twice. carey frisch Windows 10 Insider Preview  >  Windows 10 Insider Preview General
Read more

Cannot create Full Text Search catalog after upgrading to V12 - Database is not fully started up or it is not in an ONLINE state

-
in order access new full text search capiblities of sql azure, upgraded our azure sql v12. (a day later), when try create new catalog: create fulltext catalog mycatalog default i following message: msg 9972, level 16, state 100, line 1 database not started or not in online state. try full-text ddl command again after database started , becomes online. hi scott, apologies inconvenience caused you. known issue on service side , fix going included in next update. specific case mitigated, should able use full-text search syntax now. thanks, mihaela Microsoft Azure  >  Azure SQL Database
Read more

Remote Desktop App - Error 0x207 or 0x607

-
hi all, i manage windows 2012 r2 network, including connection broker, session hosts , remote apps virtual servers.  i've used remote desktop app on own android phone, no issues @ - connects published gateway url , can login , access network. we looking move business onto nokia handsets ms operating system (currently on blackberry), not able connect via remote desktop app on nokia lumia handset. setup, per android config , brings remote apps , remote desktop screen, know can connect.  when select remote desktop, shows following process: initiating remote connection securing remote connection certificate can't verified - choose connect it digitally signed cert (digicert sha2), pc name different physical connection broker name (inherited domain name old gov project - can't publish publicly) initiating establishing securing connection error have been 0x207 getting 0x607 a bit baffled, work on android (and ipad @ home using app). assume ms use d...
Read more