The WAP servers do not have a requirement to be domain joined at all when they are solely used as ADFS Proxy servers.
You need to domain joined them only if you intend to publish non-claim aware applications using Kerberos constrained delegation. If not, they can even be in a workgroup.
WAP and ADFS on differant domains
AHamilton
1
Reputation point
I've setup an adfs that works well inside our network however there is a need now to use it to access a site from outside the domain. I was looking at setting up a WAP in our DMZ however the internal and external domain are different. Everything I've looked over states the internal and external domain have to be the same in order to get this working properly. Is there a was around this?
1 answer
Sort by: Most helpful
-
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
2021-04-14T01:08:44.397+00:00