Channel: Directory Services forum

ADFS 2012 R2 + DirectAccess + Office 365 = Display 2 certificates and nothing.....

I'll describe the situation and hope someone can point me in the right direction.

We have enabled ADFS sign-on for Office 365. We have several laptop users who connect from all over the place and implemented DirectAccess so they would be automatically connected to our corporate LAN.

When these users are working on the wired network (DirectAccess not needed) and go to the OWA site, they put the URL in the browser and type their email address in the window. The logon page redirects them to our ADFS site, they are logged in using cached credentials and redirected to the Office 365 site.

When they are outside the office and connected via DirectAccess, the logon process changes. They go to the OWA site, put in their logon name, and are redirected to the ADFS site. This time they are presented with a popup and 2 certificates, one from the Communications Server with a 1 day range and the other from the local PKI server. No matter which certificate is chosen, the ADFS server hangs. If you press cancel, the server asks for the logon credentials. If you select a certificate, all subsequent attempts use that certificate and there is no option to cancel.

The ADFS server should not be using credentials for authentication. Can that be turned off easily?

I read an article that said it could be a Certificate Revocation Lookup issue, which is a possibility since the RCL server is NOT in the DMZ or available from servers in the DMZ.

Thanks for any help you can give me!

Vince

