This may work, but is probably a bad idea because the MWG will not be able to manage its computer account on the domain (like the password). LDAP and kerberos wouldnt be a bad idea for this situation.
Thanks for your response. I want to use RODC because our customer don't want leave DC in our plateform by security. How can i do Web Gateway join to RODC ?
as Jon stated you won't be able to join the domain on a read-only domain controller. MWG will create and manage a computer account, which is not possible on a read-only domain controller.
Your only options are to switch to a domain controller where MWG can create and modify its computer account OR (as Jon stated) switch to Kerberos (and probably NTLM). For Kerberos Authentication MWG will only import a secret which is used to validate that users are correctly authenticated. After you did the authentication with Kerberos you can lookup group memberships via LDAP, which can also be done on a read only domain controller, as long as it offers LDAP (it should by default).
On a read-only domain controller NTLM is not an option. Installing the NTLM Agent may be another option, but I cannot say whether this works on a read only DC.