What is the difference between Web Application Proxy and Federation service proxy?

I know both are used as a proxy server, but what is the difference?
SAM2009 Asked:
arnold Commented:
The distinction is the requests it is proxying.

One proxies web requests.
The other proxies authentication/authorization requests, for something like single sign-on.

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/deploying-federation-server-proxies-w2k12r2
Mahesh Architect Commented:
Federation service proxy servers typically sit in the DMZ and only connect to your on-premises ADFS server.

Any requests coming to ADFS from the internet will be received on the federation proxy, and then the connection proxies to ADFS.

Web application proxy (WAP) - there are two types of WAP:
1st - When you install the federation proxy, at the same time one more component also gets installed on this server, which is known as the web application proxy. Its purpose is to publish in-house internal applications to the internet via this WAP server with SSO, pass-through authentication.

2nd - Another type is Azure WAP servers, which is a service running in Azure as a WAP service, and it also allows you to publish your internal applications to the internet.
SAM2009 Author Commented:
Hi,

Look, I mean these:

We have the choice to install a proxy like this by adding Federation Service Proxy:

proxy1.jpg

And like this by adding Remote Access:

proxy2.jpg
What is the difference?
arnold Commented:
Federation, as was covered earlier, provides access to your user for a single sign-on when other, external resources are used. Look at it as similar to the way that Facebook, Google, Microsoft, and others provide a way for users to authenticate into other systems.

Each of those has a reference that when a user from the respective provider enters the username and password, the request is sent to the "publicly" accessible server that accepts the transaction: username, password, source of request, purpose. The response from this transaction exchange is yes or no on whether the info is valid or not, and potentially what rights the user can be afforded.

The federation proxy is on your side what will be seeing the transaction that would/could be proxied to a DC to cal usage the request and then proxy the response to the requester. At no point does the user gain access to your internal resources.

Remote access is a way to provide a user access to an internal resource, whether it is total access to the LAN by way of a remote session on an RDS/terminal server, or providing a user access to run a specific application (Windows native versus web based).
Not sure if it helps, but RDP with a specified app is what Citrix provides.
SAM2009 Author Commented:
I mean in Remote Access we install Web Application Proxy. That proxy looks like it is playing the same role as the Federation Service Proxy.

Both proxies will redirect to internal ADFS... but what is the difference?
arnold Commented:
Try it this way: a federation service is similar to a security officer at the lobby.
A person enters and tells the security guard who they are here to see and their name. The security guard either consults an authorized/expected visitor list, or calls up to check whether the person is expected.
The other is a person who comes to the same security guard, but adds one small thing: they need to fill out specific forms.
In this case, the person is provided the forms they need to fill out. Once completed and handed back to the person at the front desk, then and only then will the people be made aware that you are here with the completed forms.

The issue/differentiation is based on what information/response is expected from either side.

Web app proxy, I think, is a reverse proxy used to shield the web application server from direct attack or exposure.

Consider it this way: a person can be a legal proxy representing someone for one thing.
A person can designate someone to be their vote proxy.

The difference deals with what their functions are, not that proxy is the common term used to describe them.

Proxy means it by itself provides no services and controls nothing.
It expects a specific type of request that it sends to a specific destination and returns the response it receives to the same destination from which it received a request.

Sending an authentication/authorization request for SSO access to a web proxy will commonly mean you will get a denied access, as the sending application will not receive what it expects, i.e. grant or deny user access.
Mahesh Architect Commented:
Like I said before, web application proxy is the updated version of federation proxy.
Federation proxy can only communicate with the ADFS server which is the 2008 version.

WAP is the 2012 version, which also must connect to ADFS but can also act as an application proxy.

Where is the confusion?

SAM2009 Author Commented:
Ah OK, WAP is an updated version. And the old version can still be installed on Windows 2012 R2.
Mahesh Architect Commented:
No, you can't.
The old version can only be installed with 2008 R2.
SAM2009 Author Commented:
Thanks for the clarification.