I want to start by defining the term Relying Party. ADFS can have many relying parties: the systems or devices that trust ADFS for authentication. In our context, ADFS has the following relying parties:
- The Web Application Proxy itself is a relying party to ADFS, because it trusts ADFS for authentication.
- The LOB applications are relying parties to ADFS, because they trust it for authentication.
Note: ADFS is also referred to as an STS, which stands for "Security Token Service".
Suppose we have a line-of-business (LOB) application, an ADFS server that holds the application policies, and the Web Application Proxy. The LOB application is accessible internally at http://lob. The ADFS URL is https://sts.fabrikam.com, and it is published externally through the WAP (Web Application Proxy).
What we will do is publish the LOB application on the WAP using its fully qualified domain name over SSL. When an external user requests the application, the WAP responds with a 302 Redirect to https://sts.fabrikam.com to perform the pre-authentication; ADFS authenticates the user and issues a token. Note that the external leg is TLS but the backend URL is plain http://lob, so the WAP-to-application hop inside the network is unencrypted.
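As an added example (not code from the original post), here is how the publishing step above can be done with the ADFS and Web Application Proxy PowerShell cmdlets, followed by two checks a practitioner would run: that the application really is published with ADFS pre-authentication rather than pass-through, and that the first external hop is the 302 to the STS. The external name lob.fabrikam.com, the relying party name "LOB", the certificate thumbprint, and the assumption that the LOB application is claims-aware (WS-Federation) are mine; the post only gives http://lob internally and https://sts.fabrikam.com for ADFS.

```powershell
# Added example: publishing the LOB application through WAP with ADFS pre-authentication.
# Assumed values (not from the original post): external name lob.fabrikam.com,
# relying party name "LOB", and a placeholder certificate thumbprint.

$ExternalUrl = "https://lob.fabrikam.com/"   # assumed published FQDN
$BackendUrl  = "http://lob/"                  # internal URL from the post (plain HTTP inside)
$RpName      = "LOB"                          # assumed relying party trust name in ADFS
$CertThumb   = "<thumbprint of the certificate for lob.fabrikam.com>"  # placeholder

# 1. On the ADFS server: create the relying party trust for the LOB application.
#    The identifier is what the WAP will name when it redirects the user to the STS.
#    (Assumes a claims-aware app; a Windows-auth backend would use
#    Add-AdfsNonClaimsAwareRelyingPartyTrust plus Kerberos constrained delegation instead.)
Add-AdfsRelyingPartyTrust -Name $RpName `
    -Identifier $ExternalUrl `
    -WSFedEndpoint $ExternalUrl `
    -IssuanceAuthorizationRules '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");' `
    -IssuanceTransformRules '@RuleTemplate = "PassThroughClaims" @RuleName = "Pass through UPN" c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"] => issue(claim = c);'

# 2. On the WAP server: publish the app with ADFS pre-authentication (not PassThrough),
#    binding the external FQDN to its SSL certificate and pointing at the internal backend.
Add-WebApplicationProxyApplication -Name $RpName `
    -ExternalPreauthentication ADFS `
    -ExternalUrl $ExternalUrl `
    -ExternalCertificateThumbprint $CertThumb `
    -BackendServerUrl $BackendUrl `
    -ADFSRelyingPartyName $RpName

# 3. Check on the WAP: fail loudly if the app ended up published without pre-auth.
$app = Get-WebApplicationProxyApplication -Name $RpName
if ($app.ExternalPreauthentication -ne "ADFS") {
    throw "$($app.Name) is published with $($app.ExternalPreauthentication), not ADFS pre-authentication"
}
$app | Format-List Name, ExternalUrl, BackendServerUrl, ExternalPreauthentication, ADFSRelyingPartyName

# 4. Check from outside (Windows PowerShell 5.1): with redirects disabled, the first
#    response to the published URL must be a 302 whose Location points at the STS.
try {
    Invoke-WebRequest -Uri $ExternalUrl -MaximumRedirection 0 -ErrorAction Stop | Out-Null
    Write-Warning "No redirect: the WAP served the app directly (pre-auth not enforced?)"
} catch {
    $resp = $_.Exception.Response
    "{0} -> {1}" -f [int]$resp.StatusCode, $resp.Headers["Location"]
    # Expected: 302 -> https://sts.fabrikam.com/adfs/ls/?... (wa=wsignin1.0, wtrealm=<identifier>)
}
```

Step 4 is the one worth keeping in a post-change checklist: a 200 on the first unauthenticated request means the WAP is handing out the application without sending the user to the STS, which is exactly the condition ADFS pre-authentication is meant to prevent.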