I am trying to set up Web Application Proxy on my network, but stumped by the configuration wizard requiring AD FS info. I have half a dozen internal apps, each with Windows Authentication set on them, and one IP through which they all need to be shared (and then parsed out to the right internal server via hostname). I planned to use the Passthrough Pre-authentication that is specified in the manual as the method to access each of them, and thus not rely on ADFS to do preauth.
However, the wizard, both in the GUI and in powershell, seem to require an ADFS setup I don't have, even though the manual doesn't say it is required that I can find. If I run:
Add-WebApplicationProxyApplication -BackendServerURL 'https://intranet.corp.foobar.com/' -ExternalCertificateThumbprint '41F98F3BC0E72C8AAD94556B8EED55728EF0B304' -ExternalURL 'https://intranet.corp.foobar.com/'-Name 'Sharepoint Intranet (no preauthentication)' -ExternalPreAuthentication PassThrough
I get an error saying I must run Install-WebApplicationProxy first. And that requires ADFS info I cannot supply.
Does the setup, even if you only want to use passthrough pre-auth, really require ADFS? Or is there a supported way to sidestep the config wizard? If the former is true, can someone explain why? I'd rather not have to install ADFS as I'll never use it for anything else.
I could easily put up Squid or Nginx or Apache with mod_proxy and accomplish the same, with about 10 minutes work. But, I'd rather not have to spin up a new linux virtual machine to do so, as I already have DirectAccess working great on this box and just need to support the web apps for downlevel clients. This seems like the perfect solution, but the wizard seems to be in the way of a very logical config.