top of page

Publishing Exchange 2013 OWA Through WAP using Pass-through Authentication

I have covered how to install WAP (Web Application Proxy) in Server 2012 R2 and Let’s see how to publish Exchange 2013 OWA using WAP.

The following table describes the Exchange services that you can publish through Web Application Proxy and the supported preauthentication for these services:


 What is Pass-Through Authentication?

When you want to publish the Application through WAP, there will be two options one is ADFS Authentication which is claims-Based Authentication and Pass-through Authentication.

This mechanism of delegating the authenticationrequest to a domain controller is called passthrough authentication, a process in which the server passes the logon request through to the domain controller.

Confusing Right??.Let me simplify it.

An Example, When user accessing the OWA URL from extranet, there can be two types of authentication. WAP can preauthenticate the user and then pass the connections to the right application in the backbone with preauthenticated Calims(Token)  and second one, passing the connections to the backbone application in this WAP will be just redirecting  the user to the application, application will take care the authentication process.

Exchange 2013 OWA Supports for both ADFS authentication and Pass-through authentication. I will cover ADFS Authentication in upcoming articles.

Publishing the Exchange 2013 OWA using Pass-Thorugh Authentication is very simple to setup and it can be done very faster and there are no changes required at application end or ADFS end.

Open Server Manager–> Tools–>Remote Access Management 


Click on Publish 


Click Next


Select Pass-through


Enter the Name, External URL and Back-end Server URL and Select the Certificate and Click Next. Here I am using WAP’s Wild Card Certificate which can be used for all the URLs what ever passing through WAP.


That is it.. Click on Close 


Try to access the URL from Extranet. you can see that you have connected to WAP and used wild certificate what you have selected during publish but it is passing the connection to the Back end Server for authentication.


Once back-end server authentication is completed, You are able to see your your mailbox without any issues.

17 views0 comments
bottom of page