Hi.
I have recently upgraded from CRM 2011 + ADFS 2.0 to CRM 2015 + ADFS 3.0.
I have managed to get it working, but there are some issues.
My ADFS server, adfs.domain.com, is used both externally and internally. The server name is server.domain.local, but it has a certificate for *.domain.com and is set up to use adfs.domain.com.
This ADFS server is then exposed to the internet through Big-IP, so that it gets a different IP externally.
So the ADFS IPs:
Internally: 1.1.1.1
External: 2.2.2.2
I then added a DNS record so that adfs.domain.com goes to IP 2.2.2.2 (external). Externally it works fine (I get the logon form), but internally it does not work.
Error: Requested Authentication Method is not supported on the STS.
If I override this in the hosts file on an internal client so that adfs goes to 1.1.1.1, it works internally.
The issue at hand is that my hosting partner is very reluctant to add the 1.1.1.1 DNS/A-record on the intranet.
And this worked with ADFS 2.0, i.e. using the external IP to resolve via ADFS through the external address with Windows authentication (wauth=urn%3afederation%3aauthentication%3awindows), but this doesn't seem to work as "smooth" in ADFS 3.0.
Any tips?