Hi!
It might be that this is a newbie question, but I'm running out of ideas.
We have ADFS running on the MS-suggested configuration, with 2 servers running as an ADFS farm and 2 ADFS proxies with hardware LBs feeding the incoming traffic to them.
Computers are domain-joined Win7/8/8.1, using IE10 & 11. GPO sets the DNS name of the service URL as "intranet site".
Configuration uses "split-brain" DNS (like MS suggests) meaning internal DNS points directly to ADFS Farm servers, external DNS to the Proxy servers, both with same URL.
All servers are 2012 R2, with all the latest patches.
I've run the Security Configuration Wizard on the Proxy servers, which is one item that I fear could be causing the issue...
Symptoms are that when clients go to https://ADFSservername.domain.com/adfs/ls/idpinitiatedsignon, in the LAN connection they are connected automatically when they press "sign in to this site". From the internet (through proxies), they are prompted for credentials. If they do give the credentials, authentication works.
I've searched all the logs and captured traffic etc. but I cannot pinpoint the problem. It SHOULD work. :)
Any ideas, anyone? All help is greatly appreciated.