Exam 70-742 topic 1 question 234 discussion

D is wrong as it’s relying party trust that is needed for WAP via OAuth. https://docs.microsoft.com/en-us/windows-server/remote/remote-access/web-application-proxy/publishing-applications-using-ad-fs-preauthentication#BKMK_1.4 So C would be better.

My bad, I mean to say the correct answer is C like Hayemaker said

C. On ADFS1, enable an endpoint.

Answer is Correct:..........In the AD FS Management console, you must make sure that the OAuth endpoint is proxy enabled. To check if the OAuth endpoint is proxy enabled, open the AD FS Management console, expand Service, click Endpoints, in the Endpoints list, locate the OAuth endpoint and make sure that the value in the Proxy Enabled column is Yes. https://docs.microsoft.com/en-us/windows-server/remote/remote-access/web-application-proxy/publishing-applications-using-ad-fs-preauthentication

C. On ADFS1, enable an endpoint.

As per this link : https://docs.microsoft.com/en-us/windows-server/remote/remote-access/web-application-proxy/publishing-applications-using-ad-fs-preauthentication Publish an Application that uses OAuth2 such as a Microsoft Store App In the AD FS Management console, you must make sure that the OAuth endpoint is proxy enabled. Answer should be C

Correct answer: D. On ADFS1, add a claims provider trust.

the correct answer is D. On ADFS1, add a claims provider trust. A claims provider trusts are trust objects typically created in resource partner organizations to represent the organization in the trust relationship whose accounts will be accessing resources in the resource partner organization.

But why can't I add a site binding on Web1 before I add the endpoint on ADFS1?

C is correct

I think C is correct. On claim-based authentication a client has to connect with only web application proxy. But on OAuth based a client has to connect with web application proxy and federation server. Because of this endpoint must be set on federation server with which client can connect.

Definitions can be useful in this situation. Here is a link to a page containing the different ADFS components and their descriptions: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/understanding-key-ad-fs-concepts

As the others have said, OAuth needs an endpoint.

Hayemaker: This one is correct . Web Application Proxy supports publishing only for Microsoft Store apps that use the OAuth 2.0 protocol. In the AD FS Management console, you must make sure that the OAuth endpoint is proxy enabled. To check if the OAuth endpoint is proxy enabled, open the AD FS Management console, expand Service, click Endpoints, in the Endpoints list, locate the OAuth endpoint and make sure that the value in the Proxy Enabled column is Yes. https://docs.microsoft.com/en-us/windows-server/remote/remote-access/web-application-proxy/publishing-applications-using-ad-fs-preauthentication#BKMK_1.4