The Web Application Proxy service in Windows Server 2012 can be used to provide pre-authentication and backend authorization to non-claims aware applications published with Integrated Windows Authentication (IWA) using Kerberos for external clients.