To date, I've only ever used ADFS for claims aware applications.
I'm now looking at using it for some non-claims aware applications.
I've read that the WAP server must be domain joined for this so that it can perform Kerberos constrained delegation.
I've previously been told that domain joined servers shouldn't be in the DMZ. Assuming that advice is still best practice, what is the most secure way of deploying domain joined WAP servers in a DMZ? ..... And are there any alternative configurations that would still allow authentication for non-claims aware applications
Thanks for your help