Windows Application Proxy Server 2016 SSL Termination - CAN YOU TURN IT OFF??

BigPleyRay 1 Reputation point
2020-06-09T16:56:30.987+00:00

Good Afternoon,
My question is pretty simple. I'm just wondering if, when using Windows Server 2016 Web Application Proxy to publish applications, there is any way to stop the WAP from doing SSL terminations (and rebuild) and just pass the traffic straight through without SSL inspection? We have an old IBM product that our customer is using (Maximo / WebSphere) and they want to access it over the web via CAC authentication.

In troubleshooting with Wireshark it looks like the WAP server is tearing down and making a new connection to send back to the application server, and the application server does not like that when we enable CAC. It works just fine across the web w/out CAC enabled, but the CAC module is looking for the original SSL connection from what troubleshooting is leading us to believe. Just wanted to stop the WAP from terminating the connection prior to it reaching the app server? Any ideas?

*Note this was previously posted in another forum and I was advised to move it here. Hope that bears fruit. Thanks in advance.

Active Directory Federation Services

1 answer

  1. Christoph Thurnheer 81 Reputation points
    2020-06-22T07:19:48.037+00:00

    As far as I know (@Pierre Audonnet - MSFT maybe to confirm), WAP has no functionality for passthrough, as WAP terminates the TLS traffic and establishes a new connection. Had the same issue for an application. We solved it using NGINX reverse proxy with ADFS (https://www.nginx.com/blog/high-availability-microsoft-active-directory-federation-services-nginx-plus/).
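
The following is an added example, not taken from either post or from the linked article: one way to get the pass-through behaviour the question asks for is NGINX's `stream` (layer 4) proxy, which forwards the TLS bytes unmodified so the client-certificate handshake completes on the application server. The hostname and addresses are placeholders, and it assumes an NGINX build that includes the stream and `ssl_preread` modules.

```nginx
# Constructed example: hostname and addresses are placeholders.
# Place in the main context of nginx.conf (not inside http {}).
stream {
    # Choose the backend from the SNI name in the ClientHello.
    # Nothing is decrypted; nginx holds no certificate or key for this name.
    map $ssl_preread_server_name $backend {
        maximo.example.com   maximo_app;
        default              unknown_name;
    }

    upstream maximo_app {
        # Application server that terminates TLS and validates the CAC certificate.
        server 10.0.0.20:443;
    }

    upstream unknown_name {
        # Nothing listens here, so unexpected SNI names are not forwarded to the app.
        server 127.0.0.1:9;
    }

    server {
        listen 443;              # no "ssl" parameter: TLS is not terminated here
        ssl_preread on;          # only read the ClientHello to extract SNI
        proxy_pass $backend;
        proxy_connect_timeout 5s;
    }
}
```

With pass-through the proxy cannot pre-authenticate requests or inspect HTTP, so the published application server is the only component enforcing client-certificate validation and revocation checking. The backend also sees the proxy's address as the source of every connection unless it is configured to accept the PROXY protocol.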