
Publishing SharePoint 2010 through Web Application Proxy: Publishing WAP

Marty van den Bosch

Now that you have set up a Web Application server and configured your SharePoint site to use Kerberos, we can move on to configuring ADFS and WAP to publish our site.

Configure a relying party trust for your SharePoint site on ADFS 3.0

Launch the AD FS Management console using an administrator account.

In the left pane, right-click Relying Party Trusts and select Add Non-Claims-Aware Relying Party Trust.

Click Start, and on the next page enter a descriptive name, then click Next.

Enter the URL for your SharePoint site, click Add, then click Next.

Click Next on the Multi-Factor page as we will not be configuring this.

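Click Next on the identifier page. On the final page, leave the checkbox checked so the rules editor launches, and click Close.

In the Issuance Authorization Rules window, click Add Rule.

Add a single rule to permit all users and click Next/Finish. This rule lets every user who authenticates to AD FS through to the published site, so access control stays with SharePoint's own permissions.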

Publish your SharePoint site using Web Application Proxy

Import your SharePoint site certificate into the WAP local certificate store via MMC.

Launch the Remote Access management console with administrative credentials.

From the left, highlight your WAP server, then select ‘Publish’ from the right.

Click Next on the Welcome page, then select AD FS on the Preauthentication page and click Next.

On the Relying Party page, select your SharePoint party and click Next

On the Publishing Settings page, fill in the requested information and select the SharePoint site certificate from the drop-down.

For the backend SPN, use the one you specified (i.e. http/portal.domain.com), then click Next.

Verify the information on the Confirmation page and click Publish.

Done!
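
The same two procedures can be scripted with the AD FS and Web Application Proxy PowerShell modules. This is an added example, not from the original post: the function names are hypothetical, and the site name, URL and certificate subject are placeholders built around the post's http/portal.domain.com SPN.

```powershell
# Added example. Names and URLs are placeholders; replace them with your own values.
$SiteName = 'SharePoint Portal'            # descriptive relying party name (placeholder)
$SiteUrl  = 'https://portal.domain.com/'   # SharePoint URL (assumed from the SPN example)
$SiteSpn  = 'http/portal.domain.com'       # backend SPN, as in the post

# Run on the AD FS server: non-claims-aware trust with a single "permit all users" rule.
function New-SharePointRelyingPartyTrust {
    $permitAll = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'
    Add-AdfsNonClaimsAwareRelyingPartyTrust -Name $SiteName `
        -Identifier $SiteUrl `
        -IssuanceAuthorizationRules $permitAll
}

# Run on the WAP server: publish the site with AD FS preauthentication.
function Publish-SharePointThroughWap {
    # Pick the imported site certificate; refuse to publish with an expired or key-less one.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {
            $_.Subject -like '*CN=portal.domain.com*' -and
            $_.HasPrivateKey -and
            $_.NotAfter -gt (Get-Date)
        } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        throw 'No valid certificate with a private key found in LocalMachine\My.'
    }

    $publish = @{
        Name                          = $SiteName
        ExternalPreauthentication     = 'ADFS'
        ADFSRelyingPartyName          = $SiteName   # must match the trust name on AD FS
        ExternalUrl                   = $SiteUrl
        BackendServerUrl              = $SiteUrl
        BackendServerAuthenticationSPN = $SiteSpn
        ExternalCertificateThumbprint = $cert.Thumbprint
    }
    Add-WebApplicationProxyApplication @publish

    # Show what was published so the settings can be reviewed.
    Get-WebApplicationProxyApplication -Name $SiteName |
        Format-List Name, ExternalUrl, BackendServerUrl, ExternalPreauthentication,
                    ADFSRelyingPartyName, BackendServerAuthenticationSPN
}
```

Call `New-SharePointRelyingPartyTrust` on the AD FS server first, then `Publish-SharePointThroughWap` on the WAP server.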

Now you need to set up your external DNS to point to the WAP server's IP and NAT through your firewall to it.

One final point to note

When you use Web Application Proxy like this, you MUST have the ADFS Federation Service FQDN in DNS point to the Web Application Proxy server IP, or it will not work. WAP is acting as the face of ADFS.

This can be problematic as you will want to ensure all your ADFS relying entries are configured in WAP as well, and you will also need to consider high availability ramifications if you had this in place for your ADFS farm.

Now, test your setup!

Note: This is a customized sign-in page for ADFS 3.0, a topic to cover in another post.



Director, Information Technology, Marty van den Bosch is responsible for managing, maintaining and evolving Habanero’s technologies. A multi-tasker known for his exceptional priority management skills, Marty handles Habanero’s internal IT process, planning, management and direction among other accountabilities, including mentoring his colleagues on the IT team. With a focus on internal systems and IT direction, Marty strives to keep our company on the leading edge of Microsoft technologies.

Marty has been working in the IT industry for more than 30 years. Prior to joining Habanero, he was a systems engineer. Outside of work, he spends most of his time gardening, working on his side business adventures and enjoying time with his wife and son. He also enjoys multi-day hikes in local mountains and, when possible, exploring future retirement locations along the Caribbean coastline.