Windows Application Proxy Server 2016 SSL Termination - CAN YOU TURN IT OFF??

BigPleyRay 1 Reputation point

Good Afternoon,
My question is pretty simple. I'm just wondering if when using Windows Server 2016 Web Application Proxy to publish applications is there anyway to stop the WAP from doing SSL terminations (and rebuild) and just pass the traffic straight through without SSL inspection? We have an old IBM product that our customer is using (Maximo / WebSphere) and they want to access it over the web via CAC authentication.

In troubleshooting with WireShark it looks like the WAP server is tearing down and making a new connection to send back to the application server and the appliction server does not like that when we enable CAC. It works just fine across the web w/out CAC enabled but the CAC module is looking for the original SSL connection from what troubleshooting is leading us to believe. Just wanted to stop the WAP from terminating the connection prior to it reaching the app server? Any ideas?

*Note this was previously posted in another forum and I was advised to moving it to here. Hope that bears fruit. Thankx in advance.

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,037 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Christoph Thurnheer 81 Reputation points

    As far as I know (@Pierre Audonnet - MSFT maybe to confirm), WAP has no functionallity for passthrough as WAP terminates the TLS traffic and establishes a new connection. Had the same issue for an application. we solved it using NGiNX reverse proxy with ADFS (