I have already covered how to install WAP (Web Application Proxy) on Server 2012 R2. Now let's see how to publish Exchange 2013 OWA using WAP.
The following table describes the Exchange services that you can publish through Web Application Proxy and the supported preauthentication for these services:
What is Pass-Through Authentication?
When you publish an application through WAP, there are two preauthentication options: ADFS authentication, which is claims-based authentication, and pass-through authentication.
This mechanism of delegating the authentication request to a domain controller is called pass-through authentication, a process in which the server passes the logon request through to the domain controller.
Confusing, right? Let me simplify it.
For example, when a user accesses the OWA URL from the extranet, there can be two types of authentication. In the first, WAP preauthenticates the user and then passes the connection to the right back-end application with the preauthenticated claims (token). In the second, WAP just passes the user's connection through to the back-end application, and the application takes care of the authentication process.
Exchange 2013 OWA supports both ADFS authentication and pass-through authentication. I will cover ADFS authentication in upcoming articles.
Publishing Exchange 2013 OWA using pass-through authentication is very simple to set up and quick to do, and no changes are required at the application end or the ADFS end.
Open Server Manager -> Tools -> Remote Access Management
Click on Publish
Enter the Name, External URL and Back-end Server URL, select the certificate and click Next. Here I am using WAP's wildcard certificate, which can be used for all the URLs passing through WAP.
That is it. Click on Close.
Try to access the URL from the extranet. You can see that you have connected to WAP, which presents the wildcard certificate you selected during publishing, but it passes the connection to the back-end server for authentication.
Once back-end server authentication is completed, you are able to see your mailbox without any issues.
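The same publishing steps can be scripted with the cmdlets of the WebApplicationProxy module. This is an added example, not part of the original post; the application name, URLs and certificate subject are placeholders, and the last command lists every published application that relies on pass-through, since those reach the back end without any preauthentication at WAP.

```powershell
# Added example: every value below is a placeholder, replace with your own.
Import-Module WebApplicationProxy

$appName     = 'Exchange 2013 OWA'              # hypothetical display name
$externalUrl = 'https://mail.example.com/owa/'  # placeholder external URL
$backendUrl  = 'https://mail.example.com/owa/'  # placeholder back-end server URL
$certSubject = 'CN=*.example.com'               # placeholder wildcard certificate subject

# Find the wildcard certificate in the computer store. Insist on exactly one
# unexpired match with a private key so the wrong certificate is never bound.
$cert = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Subject -eq $certSubject -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date)
})
if ($cert.Count -ne 1) {
    throw "Expected exactly one valid certificate for '$certSubject', found $($cert.Count)."
}

# Publish OWA with pass-through: WAP terminates TLS with the wildcard
# certificate and forwards the request; Exchange performs the authentication.
Add-WebApplicationProxyApplication `
    -Name $appName `
    -ExternalUrl $externalUrl `
    -BackendServerUrl $backendUrl `
    -ExternalCertificateThumbprint $cert[0].Thumbprint `
    -ExternalPreauthentication PassThrough

# Review: list all applications published without preauthentication at WAP.
Get-WebApplicationProxyApplication |
    Where-Object { $_.ExternalPreauthentication -eq 'PassThrough' } |
    Select-Object Name, ExternalUrl, BackendServerUrl, ExternalCertificateThumbprint
```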
5 thoughts on “Publishing Exchange 2013 OWA Through WAP using Pass-through Authentication”
RK. I feel that you have missed out on explaining the functionality of ADFS. Kindly look into that.
Yes Arun. I have updated them already. If you are looking especially for how SAML and WS-FED work, I will cover them in upcoming articles.
If WAP is only doing passthrough authentication, what is the difference in having the client traffic pass through WAP rather than be directly natted to the internal Exchange Server?
Answering my own question 🙂
When you implement WAP you enhance security for web-based applications or ADFS by isolating them from direct contact with the Internet. This can help protect the internal, web-based application or ADFS from any malformed packets or requests that might result in a security breach. For example, WAP can protect against a zero-day vulnerability that uses malformed requests, which could result in a denial-of-service attack on a server that hosts a web-based application. WAP drops invalid requests before they reach the web-based application on an internal network.
Thank you Pyore. Well explained. Appreciated!!