After signing in with a federated domain account in a browser, are you being redirected to your internal AD FS name (e.g. adfs.contoso.local) instead of the public one (e.g. adfs.publicdomain.com)? In that case the federation properties recorded for the domain still carry the internal name, which you can see with Get-MsolFederationProperty:
PS C:\Windows\system32> Get-MsolFederationProperty -DomainName adfs.myexternaldomain.com

Source                       : ADFS Server
ActiveClientSignInUrl        : https://adfs.contoso.local/adfs/services/trust/2005/usernamemixed
FederationServiceDisplayName : Contoso Corporation
FederationServiceIdentifier  : http://adfs.contoso.local/adfs/services/trust
FederationMetadataUrl        : https://adfs.contoso.local/adfs/services/trust/mex
PassiveClientSignInUrl       : https://adfs.contoso.local/adfs/ls/
PassiveClientSignOutUrl      : https://adfs.contoso.local/adfs/ls/
<more stuff here, not listed>
Then run "Get-MsolFederationProperty -DomainName adfs.myexternaldomain.com" again, or sign in from a browser, to confirm that every endpoint now points at the public URL and that you are redirected correctly this time.
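As an added check (example code written for this page, not part of the original post), the following PowerShell script pulls the federation properties reported for a domain and flags every endpoint whose hostname is not the public AD FS name, so the comparison is done for all URLs rather than by eye. The federated domain name myexternaldomain.com, the expected host adfs.publicdomain.com and the helper name Test-FederationEndpoints are assumptions; the script expects the MSOnline module to be installed and Connect-MsolService to have been run already.

```powershell
# Added example: verify that every federation endpoint recorded for a federated
# domain uses the public AD FS hostname rather than the internal one.
# Assumptions (not from the original post): federated domain 'myexternaldomain.com',
# public AD FS FQDN 'adfs.publicdomain.com', MSOnline module loaded and
# Connect-MsolService already executed.
param(
    [string]$DomainName = 'myexternaldomain.com',
    [string]$ExpectedFederationHost = 'adfs.publicdomain.com'
)

function Test-FederationEndpoints {
    param(
        [Parameter(Mandatory)] $Properties,       # output of Get-MsolFederationProperty
        [Parameter(Mandatory)] [string] $ExpectedHost
    )
    # Every property that carries a URL or a URI-style identifier; the host part
    # of each one must match the public AD FS name.
    $urlProperties = 'ActiveClientSignInUrl', 'FederationServiceIdentifier',
                     'FederationMetadataUrl', 'PassiveClientSignInUrl', 'PassiveClientSignOutUrl'
    [string[]]$problems = @()

    # The cmdlet normally returns one object per source (e.g. "ADFS Server" and
    # "Microsoft Office 365"); check both so a mismatch between them is visible too.
    foreach ($p in $Properties) {
        foreach ($name in $urlProperties) {
            $value = $p.$name
            if ([string]::IsNullOrWhiteSpace($value)) { continue }

            $uri = $null
            if (-not [System.Uri]::TryCreate($value, [System.UriKind]::Absolute, [ref]$uri)) {
                $problems += "$($p.Source): $name is not a valid URL: $value"
                continue
            }
            if ($uri.Host -ne $ExpectedHost) {
                $problems += "$($p.Source): $name points at $($uri.Host) instead of $ExpectedHost ($value)"
            }
        }
    }
    return $problems
}

$props    = Get-MsolFederationProperty -DomainName $DomainName
$findings = Test-FederationEndpoints -Properties $props -ExpectedHost $ExpectedFederationHost

if ($findings.Count -eq 0) {
    Write-Host "All federation endpoints for $DomainName use $ExpectedFederationHost"
} else {
    # Any line here means a client will still be sent to the internal name.
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Run it once before and once after correcting the federation settings: with the output shown above it warns for each of the five adfs.contoso.local endpoints, and it should report no findings once the public name is in place.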
Consider leaving a reply if this post helped you. Thanks!
Can I use different DNS namespaces for internal vs. external access? Something like an internal AD FS endpoint of "int.contoso.com" and an external one called "ext.internet.net"? I was hoping I could, with SAN certs and additional DNS zones to host the respective A records.
Hi Ris, yes, that should work as long as the DNS is arranged accordingly.