Hello,
We have a setup with an ADFS Farm and Web-Application Proxy. We would like to implement Windows Authentication for some clients through the WebApplication Proxy (Some clients we control but can't put various dns depending on in/out).
We are not using WebApplication Proxy for the ADFS Proxy and therefore we can chose either to put the X-MS-Proxy in the header or not. In the current scenario if we don't put the x-ms-proxy then it fails with error message:
"The incoming sign-in request is not allowed due to an invalid Federation Service configuration. "
If we put it then there is no option on ADFS to use Windows Authentication for External access and users are prompted with form.
Is there anyway either:
To allow on ADFS request for WebApplicationProxy that are coming from intranet ? (No X-MS-Proxy header)
To use windows Authentication for External users ? (With X-MS-Proxy header)
Thanks
Best Regards
Philippe
