Purpose of ADFS 3.0 WAP Server with No Published Apps

compdigit44
We have two internal ADFS 3.0 servers set up in a farm. We also have two WAP servers in the DMZ which are behind a load balancer. Here is my question: we do not publish apps. I know the purpose of WAP is to block direct access to the ADFS servers. If our WAPs are not hosting apps and are behind a firewall and a load balancer, what more are they doing, if anything?
MaheshArchitect
Distinguished Expert 2018

Commented:
The setup is created for a highly available ADFS infrastructure.

If you are using any 3rd-party apps outside your network which need authentication from your AD, you will create a relying party on ADFS, and at that time your application will contact the account provider (ADFS) through these WAP servers (they must be published on the internet).

WAP setup can be used to publish other apps as well (pass through / SAML authentication)

Author

Commented:
Thank you for your feedback. In short, even though we are not publishing apps but are using apps hosted outside of our company, WAP servers are still needed?
MaheshArchitect
Distinguished Expert 2018

Commented:
Yes, for example if you are using O365 services or Azure services and you want to use on-premises Active Directory for authentication.

Author

Commented:
Oh, so the WAPs are brokering the connections to the internal ADFS servers?
Architect
Distinguished Expert 2018
Commented:
Yes, WAP is there to proxy connection requests to ADFS, since it's not recommended to publish ADFS servers directly on the internet.
