Question

After installing the WAP APS package, it is not possible to access the Tenant and Admin portals directly; they can only be accessed from POA. Is there any way to enable direct access, at least temporarily?

Answer

There is no way to enable both direct and indirect (from POA) access to the Tenant and Admin portals at the same time. However, direct access to the portals can be enabled temporarily by running the following commands on the WAP infrastructure:

PS> Set-MgmtSvcRelyingPartySettings -Target @('Admin', 'Tenant') -MetadataEndpoint <https://old-endpoint> -ConnectionString $cnctString -DisableCertificateValidation

PS> Set-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint <https://old-endpoint> -ConnectionString $cnctString -DisableCertificateValidation

Here <https://old-endpoint> is the old metadata endpoint that was used before WAP and POA were integrated.

NOTE: After direct access is enabled, access from POA and integration with POA won't work. To re-enable it, run the same commands with the POA metadata endpoint (as stated in the WAP deployment guide):

PS> Set-MgmtSvcRelyingPartySettings -Target @('Admin', 'Tenant') -MetadataEndpoint https://WAP-APS:4486/wap/metadata.xml -ConnectionString $cnctString -DisableCertificateValidation

PS> Set-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint https://WAP-APS:4486/wap/metadata.xml -ConnectionString $cnctString -DisableCertificateValidation
