Web application proxy for an internal web application with pre-authentication

Martin DCA 1 Reputation point
2020-05-13T10:35:10.09+00:00

Hi,
maybe someone has a clue for me on this issue.
So I have a WAP set up with ADFS and it works fine for exposing an ADFS server to the internet.
Now I got the request to replace the TMG server, which could do pre-authentication, and an obvious idea for me is to use the WAP environment.

  • I have a web application that is just a plain web application with no authentication and this needs to be secured
  • I added a relying party non-claims aware
  • I added a web application to the WAP pointing to the website in question
  • I expected to get an authentication dialogue from the ADFS server (forms based)

Interestingly, instead of getting that dialogue, I get a 404 from a /adfs/ls?version sign-in URL on the exposed external DNS name.
So a first redirect goes through, but then the login is not shown. Note that the /adfs/ls URL is not pointing to the ADFS server, but to the external address of the web application.
Any ideas why I get a 404?
Best
Martin

Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.

2 answers

Sort by: Most helpful
  1. Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
    2020-05-19T13:29:42.61+00:00

    You can trick the system by creating a dummy relying party trust (not a non-claims-aware RP, but an actual RP with a dummy URI and name). Then you can opt to publish it with ADFS pre-authentication on your WAP and it will do the trick.

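As an added illustration of the steps in this answer (example commands, not part of the original thread or of any Microsoft documentation), the dummy relying party trust and the published application can be created with the AD FS and Web Application Proxy PowerShell modules. The host names fs.example.com, app.example.com and app.intranet.example.com, the relying party name and identifier, and the "<thumbprint>" placeholder are assumptions; the last two commands show which federation service URL the WAP will redirect to for pre-authentication, which is the piece to compare against the external DNS name when the sign-in redirect lands on the wrong host.

```powershell
# Added example, not from the original thread. Assumptions:
#   - federation service published externally as fs.example.com
#   - internal app http://app.intranet.example.com, published as https://app.example.com
#   - "<thumbprint>" = thumbprint of the external certificate already installed on the WAP

# --- On the AD FS server: a plain (claims-aware) relying party trust used only
#     as the pre-authentication target; the identifier is a dummy URI.
Add-AdfsRelyingPartyTrust -Name "LegacyApp-Preauth" `
    -Identifier "urn:legacyapp:preauth" `
    -IssuanceAuthorizationRules '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# --- On the Web Application Proxy: publish the backend with AD FS pre-authentication,
#     bound to the relying party created above.
Add-WebApplicationProxyApplication -Name "LegacyApp" `
    -ExternalPreauthentication ADFS `
    -ADFSRelyingPartyName "LegacyApp-Preauth" `
    -ExternalUrl "https://app.example.com/" `
    -BackendServerUrl "http://app.intranet.example.com/" `
    -ExternalCertificateThumbprint "<thumbprint>"

# --- Verification: the federation service URL the proxy uses for the pre-auth
#     redirect, and the published application as the proxy sees it.
(Get-WebApplicationProxyConfiguration).ADfsUrl
Get-WebApplicationProxyApplication -Name "LegacyApp" |
    Format-List Name, ExternalPreauthentication, ADFSRelyingPartyName, ExternalUrl, BackendServerUrl
```

The pre-authentication redirect goes to the federation service host returned by the last two commands, so that name must resolve externally to the WAP's published AD FS endpoint; a browser that is sent to /adfs/ls on the application's own external host will only reach the application's backend, which does not serve that path.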

  2. Martin DCA 1 Reputation point
    2020-05-19T13:46:57.357+00:00

    Hi,
    I was going for exactly that and implemented it. Yet the problem is, I get a reply, then a redirect, and then that /adfs/ls?version sign-in URL, which returns 404. I would expect the web application proxy to serve that page so that people can log in, but it doesn't.
    So my question would be: is it expected to redirect to the ADFS authentication URL (which is different from the app URL), or, if the app is registered, are all requests to the "subfolder"/application path /adfs/ handled by the proxy and not by the web application anymore?
    Best
    Martin