One of the main advantages to using LFDS is that you no longer need to configure Kerberos.  Kerberos is required when one application (the browser) sends its Windows identity to another application (e.g. Web Access) and that application wants to delegate that identity to a third application (LFS).  With LFDS, the Windows identity is used only to authenticate to LFDS, which then uses SAML to represent the user's identity to the other web applications.

Can you be more specific about your pass-through authentication question?  That term has multiple meanings depending on the context (one, two), and I don't know which one you mean here.

By default now, most browsers no longer automatically log in using windows authentication and must be configured to do so.  There are different ways to configure different browsers, so do a web search for how to configure your preferred browser.

Anyone get this working? I would also like to enable pass-through authentication for Laserfiche Forms and Laserfiche Web.

Update:

I just got this working, see this post: https://answers.laserfiche.com/questions/52155/Forms-LDAP-and-Pass-Through-Authentication

I added NTLM authentication to the list of providers in IIS under authentication - Windows Authentication.  I had to do this on both the Forms and Laserfiche virtual directories under Default Web Site.

After that is setup you still need to configure your browser to pass-through authentication. For IE/Edge this is done through the Internet Option Control panel. Add the domain of your laserfiche servers to the "Local intranet" sites list. You can either do this manually or through group policy.

You can do the same for Google Chrome and Firefox. Chrome calls it "AuthServerWhitelist" and Firefox calls it "spnego" authentication. Google those terms and you'll find instructions on how to change the settings for those browsers. I did it via the Firefox and Google Chrome group policy options.