🛡️

cWAP

DSC resources for managing Windows Server Web Application Proxy (WAP) and publishing applications with declarative PowerShell configurations.

⭐ 3 Stars

⬇️ 1,024 Downloads

🏷️ v0.4.0 Version

📜 MIT License

Install: Install-Module -Name cWAP

⬇️ PowerShell Gallery View on GitHub

Documentation

Overview

cWAP is a PowerShell DSC module for configuring and managing Windows Server Web Application Proxy (WAP). It lets you describe WAP setup and published applications declaratively, then enforce that desired state consistently across environments.

The module exports two DSC resources:

cWAPConfiguration for WAP server and federation settings
cWAPWebsite for published application definitions

Installation

Install from the PowerShell Gallery:

# Install for current user
Install-Module -Name cWAP -Scope CurrentUser

# Import
Import-Module cWAP

Quick Start

Use cWAP in a DSC configuration to install and configure WAP, then publish applications.

Configuration ConfigureWap {
    param(
        [PSCredential]$FederationCredential,
        [string]$FederationServiceName,
        [string]$CertificateThumbprint,
        [string]$ExternalUrl,
        [string]$BackendServerUrl
    )

    Import-DscResource -ModuleName cWAP

    Node localhost {
        cWAPConfiguration WapBaseConfig {
            Ensure                = "Present"
            FederationServiceName = $FederationServiceName
            Credential            = $FederationCredential
            CertificateThumbprint = $CertificateThumbprint
            HttpsPort             = 443
            TlsClientPort         = 49443
        }

        cWAPWebsite PublishedApp {
            Ensure                        = "Present"
            ApplicationName               = "Contoso App"
            BackendServerUrl              = $BackendServerUrl
            ExternalCertificateThumbprint = $CertificateThumbprint
            ExternalUrl                   = $ExternalUrl
            ExternalPreauthentication     = "ADFS"
            DependsOn                     = "[cWAPConfiguration]WapBaseConfig"
        }
    }
}

DSC Resources

`cWAPConfiguration`

Configures the Web Application Proxy role connection to ADFS and related WAP settings.

Property	Type	Required	Description
`Ensure`	`Present/Absent`	No	Whether WAP configuration should exist
`FederationServiceName`	`string`	Yes (key)	ADFS service name (for example `adfs.contoso.com`)
`Credential`	`PSCredential`	Yes	Domain admin credential used to register WAP
`CertificateThumbprint`	`string`	Yes	Certificate thumbprint bound to the federation service
`ForwardProxy`	`string`	No	Optional outbound proxy in `FQDN:Port` format
`HttpsPort`	`int`	No	HTTPS listener port, default `443`
`TlsClientPort`	`int`	No	TLS client auth port, default `49443`
`ADFSTokenAcceptanceDurationSec`	`int`	No	Optional ADFS token acceptance duration
`UserIdleTimeoutSec`	`int`	No	Optional user idle timeout
`UserIdleTimeoutAction`	`string`	No	Idle timeout action, for example `Signout`

`cWAPWebsite`

Defines and maintains published applications behind WAP.

Property	Type	Required	Description
`Ensure`	`Present/Absent`	Yes	Whether the published app should exist
`ApplicationName`	`string`	Yes	Display name for the WAP application
`BackendServerUrl`	`string`	Yes (key)	Internal URL of the backend application
`ExternalCertificateThumbprint`	`string`	Yes	External certificate thumbprint
`ExternalUrl`	`string`	Yes	Public URL for client access
`ExternalPreauthentication`	`string`	No	Pre-auth mode, defaults to `ADFS`
`ADFSRelyingPartyName`	`string`	No	Relying party name when using ADFS
`BackendServerAuthenticationMode`	`string`	No	Backend auth mode
`EnableHTTPRedirect`	`bool`	No	Enable HTTP to HTTPS redirect

Validation Helper

The module also exposes Test-sslBinding, a helper function used to validate certificate binding state.

Import-Module cWAP

$ok = Test-sslBinding -port 443 -certificateThumbprint "0123456789ABCDEF0123456789ABCDEF01234567"
if ($ok) {
    Write-Host "SSL binding is configured correctly"
}

When to Use cWAP

You manage WAP infrastructure with DSC and want repeatable configuration.
You need idempotent publishing of multiple ADFS pre-authenticated applications.
You want WAP settings to be source-controlled and deployable through CI/CD.

Contributing

Contributions are welcome. See the GitHub repository for source, issues, and pull requests.

License

cWAP is released under the MIT License.