Friday, June 5, 2015

Securing RD Gateway with Web Application Proxy - Part 2

Picking up where we left off...

Welcome to Part 2 of my series "Securing RD Gateway with Web Application Proxy." In Part 1 of the series, we left off after installing AD Federation Services and Web Application Proxy and performing basic configuration of both products. In Part 2, we'll start configuring the pieces needed specifically to get RD Web Access and RD Gateway working behind Web Application Proxy.

Creating the Relying Party Trust in ADFS

Now that ADFS and WAP are both installed, the next step is to create a trust relationship between ADFS and RDS. This is accomplished by creating a Relying Party Trust within the ADFS Management console. Switch to the ADFS server, and from Server Manager, click Tools and select AD FS Management. In the ADFS Management console, expand Trust Relationships, right-click on Relying Party Trusts, and select Add Relying Party Trust from the context menu.

***NOTE*** - I originally tried adding a Non-Claims-Aware trust, but this was unsuccessful. When I spoke with an engineer from Microsoft, he explained that RDS actually isn't fully claims-aware, but said to create a claims-aware trust anyway to get everything working behind Web Application Proxy.

Adding the Relying Party Trust