Configuring WAP with Certificate Based Authentication

This is a walkthrough article on configuring the WAP to use Certificate-based authentication.

The configuration has two parts:

  1. Configuring the WAP for KCD.

  2. Enabling the Client Certificate Based Authentication on the ADFS Server.

 

We are using Exchange 2010 as the back-end server, and we will publish Outlook Web Access (OWA) through WAP using certificate-based authentication.

Configuring Exchange:

On the Exchange server, we have enabled Integrated Windows Authentication for OWA.

Configuring the WAP for KCD:

Below is a very good article written by Shashanka which explains how to set up KCD for WAP.

http://blogs.msdn.com/b/windows_security__system_center/archive/2015/03/31/configure-wap-for-kcd-with-web-app.aspx

After the configuration is done and tested, we will move to the second part.

Enabling the Client Certificate-Based Authentication on the ADFS Server:

Here are the steps you need to follow to achieve this.

1. Open the ADFS console and go to “AD FS -> Authentication Policies -> Edit Global Primary Authentication”.

2. Enable Certificate Authentication.

3. Restart the ADFS Service and we are good to test.
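The same three steps can be scripted and verified from PowerShell on the AD FS server. This is an added example, not part of the original walkthrough; it assumes AD FS on Windows Server 2012 R2, that requests arriving through WAP are evaluated against the extranet primary policy, and that certificate authentication uses the default TCP port 49443.

```powershell
# Added example: run in an elevated PowerShell session on the primary AD FS server.
Import-Module ADFS

$provider = 'CertificateAuthentication'

# Read the current global policy so the primary methods already enabled are kept.
$policy   = Get-AdfsGlobalAuthenticationPolicy
$extranet = @($policy.PrimaryExtranetAuthenticationProvider)

if ($extranet -notcontains $provider) {
    # Assumption: WAP traffic is treated as extranet, so only that list is changed.
    $extranet += $provider
    Set-AdfsGlobalAuthenticationPolicy -PrimaryExtranetAuthenticationProvider $extranet

    # Step 3 of the walkthrough: restart the AD FS service.
    Restart-Service -Name adfssrv
}

# Verify that the policy now lists certificate authentication.
$after = @((Get-AdfsGlobalAuthenticationPolicy).PrimaryExtranetAuthenticationProvider)
if ($after -notcontains $provider) {
    throw "CertificateAuthentication is not enabled in the extranet primary policy."
}
"Extranet primary providers: $($after -join ', ')"

# Assumption: on Windows Server 2012 R2, AD FS serves the client-certificate
# endpoint on TCP 49443. If nothing is listening there, the certificate prompt
# will never reach the user even though the policy is set.
$listener = Get-NetTCPConnection -LocalPort 49443 -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    "TCP 49443 is listening for certificate authentication."
} else {
    Write-Warning "Nothing is listening on TCP 49443; check the AD FS SSL binding and firewall rules."
}
```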

Expected Result:

If everything goes well, here is what we expect to see.

 

Once you specify the certificate, you will be logged on to OWA.

 

Here are some related articles:

ADFS Certificates

http://blogs.technet.com/b/adfs/archive/2007/07/23/adfs-certificates-ssl-token-signing-and-client-authentication-certs.aspx

How to enable password + user certificate authentication in ADFS 3.0

http://blogs.technet.com/b/pauljones/archive/2014/05/27/how-to-enable-password-user-certificate-authentication-in-adfs-3-0.aspx

 

Hope the article helps.