Configuring WAP with Certificate Based Authentication

Configuring WAP with Certificate Based Authentication.

This is a Walk through article on configuring the WAP to use Certificate based authentication.

There are 2 parts in which we will go through the configuration. 

1. Configuring the WAP for KCD.
2. Enabling the Client Certificate Based Authentication on the ADFS Server.

I am using Exchange 2010 as by backend Server and i will try to publish the Outlook Web Access using Certificate based authentication on the
WAP.

Configuring Exchange:

On the Exchange Server I have enabled the Integrated Windows Authentication for OWA.

Configuring the WAP for KCD:

Below is a very good Article written by my friend Shashanka which explains how to setup KCD for WAP.

https://blogs.msdn.com/b/windows_security__system_center/archive/2015/03/31/configure-wap-for-kcd-with-web-app.aspx

After the Configuration is done and tested we will move to the second Part.

Enabling the Client Certificate Based Authentication on the ADFS Server:

Here are the steps you need to follow to achieve this.

1. Open the ADFS console and go to “AD FS -> Authentication Policies -> Edit Global Primary Authentication”.

2. Enable Certificate Authentication.

3. Restart the ADFS Service and we are good to test.

Expected Result:

If everything goes well here is what we are expecting to see.

One you specify the Certificate you will logon to the OWA.

 

Here are some related article.

ADFS Certificates

https://blogs.technet.com/b/adfs/archive/2007/07/23/adfs-certificates-ssl-token-signing-and-client-authentication-certs.aspx

How to enable password + user certificate authentication in ADFS 3.0

https://blogs.technet.com/b/pauljones/archive/2014/05/27/how-to-enable-password-user-certificate-authentication-in-adfs-3-0.aspx

I hope the article helps.

 

Thanks

Kumar Jayant

Support Escalation Engineer

Microsoft CSS