Export (0) Print
Expand All

Add-WebApplicationProxyApplication

Add-WebApplicationProxyApplication

Publishes a web application through Web Application Proxy.

Syntax

Parameter Set: Add0
Add-WebApplicationProxyApplication [-Name] <String> -BackendServerUrl <Uri> -ExternalUrl <Uri> [-ADFSRelyingPartyName <String> ] [-ADFSUserCertificateStore <System.String> ] [-BackendServerAuthenticationSPN <String> ] [-BackendServerCertificateValidation <String> {None | ValidateCertificate} ] [-CimSession <CimSession[]> ] [-ClientCertificateAuthenticationBindingMode <String> {None | ValidateCertificate} ] [-ClientCertificatePreauthenticationThumbprint <String> ] [-DisableHttpOnlyCookieProtection] [-DisableTranslateUrlInRequestHeaders] [-DisableTranslateUrlInResponseHeaders] [-EnableHTTPRedirect] [-EnableSignOut] [-ExternalCertificateThumbprint <String> ] [-ExternalPreauthentication <String> {PassThrough | ADFS | ClientCertificate | ADFSforRichClients | ADFSforOAuth | ADFSforBrowsersAndOffice} ] [-InactiveTransactionsTimeoutSec <UInt32> ] [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-PersistentAccessCookieExpirationTimeSec <System.UInt32> ] [-ThrottleLimit <Int32> ] [-UseOAuthAuthentication] [ <CommonParameters>] [ <WorkflowParameters>]




Detailed Description

The Add-WebApplicationProxyApplication cmdlet publishes a web application through Web Application Proxy. Use this cmdlet to specify a name for the web application, and to provide an external address and the address of the backend server. External clients connect to the external address to access the web application hosted by the backend server. The cmdlet checks the external address to verify that no other published web application uses it on any of the proxies in the current Active Directory Federation Services (AD FS) installation.

You can specify the relying party for use with AD FS, the service principal name (SPN) of the backend server, a certificate thumbprint for the external address, the method of preauthentication, and whether the proxy provides the URL of the federation server to users of Open Authorization (OAuth). You can also specify whether the application proxy validates the certificate from the backend server and verifies whether the certificate that authenticates the federation server authenticates future requests.

The proxy can translate URLs in headers. You can disable translation in either request or response headers, or both.

You can also specify a time-out value for inactive connections.

This cmdlet supports passing multiple WebApplicationProxyApplication objects through the pipeline.

Parameters

-ADFSRelyingPartyName<String>

Specifies the name of the relying party configured on the AD FS federation server.


Aliases

RPName

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ADFSUserCertificateStore<System.String>

Specifies the certificate store for a AD FS user.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true(ByPropertyName)

Accept Wildcard Characters?

false

-BackendServerAuthenticationSPN<String>

Specifies the service principal name (SPN) of the backend server. Use this parameter if the application that the backend server hosts uses Integrated Windows authentication.


Aliases

SPN

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-BackendServerCertificateValidation<String>

Specifies whether Web Application Proxy validates the certificate that the backend server presents with the WAP configuration per application. The acceptable values for this parameter are:

-- None
-- ValidateCertificate


Aliases

none

Required?

false

Position?

named

Default Value

None

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-BackendServerUrl<Uri>

Specifies the backend address of the web application. Specify by protocol and host name or IP address. Include the trailing slash (/). You can also include a port number and path. The following examples show the form of an address:

-- http://AccountingApp.Contoso.com/
-- http://Mail.Contoso.com/Remote/
-- http://Portal/


Aliases

BackendUrl

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-CimSession<CimSession[]>

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.


Aliases

Session

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ClientCertificateAuthenticationBindingMode<String>

If this parameter is set to ValidateCertificate then the browser sends a certificate with each request and validates that the device certificate thumbprint from the certificate is included in the token or the cookie. The acceptable values for this parameter are:

-- None
-- ValidateCertificate


Aliases

none

Required?

false

Position?

named

Default Value

None

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ClientCertificatePreauthenticationThumbprint<String>

Specifies the certificate thumbprint, as a string, of the certificate that a client supplies for the preauthentication feature. The thumbprint is 40 hexadecimal characters. This parameter is only relevant when you specify the value of ClientCertificate for the ExternalPreauthentication parameter.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DisableTranslateUrlInRequestHeaders

Indicates that Web Application Proxy does not translate HTTP host headers from public host headers to internal host headers when it forwards the request to the published application.

Specify this parameter if the application uses path-based information.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DisableHttpOnlyCookieProtection

Indicates that this cmdlet disables the use of the HttpOnly flag when Web Application Proxy sets the access cookie. The access cookie provides single sign-on access to an application.

Important: by default, HttpOnly is enabled to help ensure network protection. If you disable HttpOnly flag protection, the browser may share this cookie with other components on the client device, such as ActiveX, Java Applets and JavaScript, so they can access this application without the need to perform additional preauthentication.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DisableTranslateUrlInResponseHeaders

Indicates that Web Application Proxy does not translate internal host names to public host names in Content-Location, Location, and Set-Cookie response headers in redirect responses.

If the proxy does not translate host names in the Content-Location or Location response headers, subsequent client requests resolve incorrectly. If the proxy does not translate the host name in the Set-Cookie response header, the published web application might not use cookies properly.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableHTTPRedirect

Indicates that this cmdlet enables HTTP redirect for Web Application Proxy.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true(ByPropertyName)

Accept Wildcard Characters?

false

-EnableSignOut

Indicates whether to enable sign out for Web Application Proxy.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true(ByPropertyName)

Accept Wildcard Characters?

false

-ExternalCertificateThumbprint<String>

Specifies the certificate thumbprint, as a string, of the certificate to use for the address specified by the ExternalUrl parameter. The thumbprint is 40 hexadecimal characters.

The certificate must exist in the Local Computer or Local Personal certificate store. You can use a simple certificate, a subject alternative name (SAN) certificate, or a wildcard certificate.


Aliases

ExternalCert

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ExternalPreauthentication<String>

Specifies the preauthentication method that Web Application Proxy uses. The acceptable values for this parameter are:

-- ADFS
-- ClientCertificate
-- PassThrough
-- ADFSforRichClients
-- ADFSforOAuth
-- ADFSforBrowsersAndOffice


Aliases

PreAuthN

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ExternalUrl<Uri>

Specifies the external address, as a URL, for the web application. Include the trailing slash (/).


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-InactiveTransactionsTimeoutSec<UInt32>

Specifies the length of time, in seconds, until Web Application Proxy closes incomplete HTTP transactions.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-InformationAction<System.Management.Automation.ActionPreference>

Specifies how this cmdlet responds to an information event. The acceptable values for this parameter are:

-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend


Aliases

infa

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-InformationVariable<System.String>

Specifies a variable in which to store an information event message.


Aliases

iv

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Name<String>

Specifies a friendly name for the published web application.


Aliases

FriendlyName

Required?

true

Position?

1

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-PersistentAccessCookieExpirationTimeSec<System.UInt32>

Specifies the expiration time, in seconds, for persistent access cookies.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true(ByPropertyName)

Accept Wildcard Characters?

false

-ThrottleLimit<Int32>

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer. Do not specify a value for this parameter greater than 1.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-UseOAuthAuthentication

Indicates that Web Application Proxy provides the URL of the federation server that performs Open Authorization (OAuth) when users connect to the application by using a Windows Store app.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (http://go.microsoft.com/fwlink/p/?LinkID=113216).

<WorkflowParameters>

This cmdlet supports the following workflow common parameters: -PSParameterCollection, -PSComputerName, -PSCredential, -PSConnectionRetryCount, -PSConnectionRetryIntervalSec, -PSRunningTimeoutSec, -PSElapsedTimeoutSec, -PSPersist, -PSAuthentication, -PSAuthenticationLevel, -PSApplicationName, -PSPort, -PSUseSSL, -PSConfigurationName, -PSConnectionURI, -PSAllowRedirection, -PSSessionOption, -PSCertificateThumbprint, -PSPrivateMetadata, -AsJob, -JobName, and –InputObject. For more information, see    about_WorkflowCommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

Examples

Example 1: Publish a web application

This command publishes a web application that specifies the value of AD FS for the ExternalPreauthentication parameter.


PS C:\> Add-WebApplicationProxyApplication -Name "Contoso App" -ExternalPreauthentication ADFS -ExternalUrl https://ContosoApp.Contoso.com/ -ExternalCertificateThumbprint "69DF0AB8434060DC869D37BBAEF770ED5DD0C32A" -BackendServerUrl http://ContosoApp:8080/ -ADFSRelyingPartyName "ContosoAppRP"

Example 2: Publish a web application that omits external preauthentication

This command publishes a web application named ContosoApp. The command specifies a backend server URL and an external URL. The application uses pass-through preauthentication.


PS C:\> Add-WebApplicationProxyApplication -Name "ContosoApp" -BackendServerUrl http://ContosoApp/ -ExternalUrl https://ContosoApp.Contoso.com/ -ExternalPreauthentication "PassThrough" -ExternalCertificateThumbprint "D1A657E1A4F276FCC45613C0F6B3BC91AFC4633F"

Example 3: Publish an Exchange Active Sync application

This command publishes an Exchange Active Sync application. The application uses Integrated Windows Authentication with (IWA) Kerberos Constrained Delegation (KCD).


PS C:\> Add-WebApplicationProxyApplication -BackendServerAuthenticationSPN 'HTTP/EXCH1.contoso.com' -BackendServerUrl 'https://extmail.contoso.com/Microsoft-Server-ActiveSync/' -ExternalCertificateThumbprint '27A3F96517C27443207BBFE94FA65E1B154170BB' -EnableHTTPRedirect -ExternalUrl 'https://extmail.contoso.com/Microsoft-Server-ActiveSync/' -Name 'ActiveSync' -ExternalPreAuthentication ADFSforRichClients -ADFSRelyingPartyName 'ActiveSync' -ADFSUserCertificateStore 'Root'

Related topics

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2015 Microsoft