Hi!
I have the following network config: INTERNAL <-> DMZ <-> INTERNET
I have my DC and my ADFS 3.0 Server in the INTERNAL zone. I have my WAP (ADFS Proxy) in the DMZ zone.
My ADFS server has a public FQDN. On the WAP server I have a hosts file with the public FQDN pointing to the ADFS server and servers to be published.
On my firewall I have configured a port forwarding rule for HTTPS to the WAP server for all required FQDNs.
No matter from which zone I access the WAP published applications, I always have to log on via FBA, entering username/password. Single sign-on by putting the required FQDNs in the intranet zone in Internet Explorer also does not work.
I narrowed it down to the fact that I'm always considered an Extranet user (I can confirm this because when I deselect all checkboxes for Intranet authentication methods in the Global Authentication Policy I still get the forms authentication, and when I switch authentication mode from Form to Certificate on Extranet I have to log in via Certificate).
How can I make sure that when I am an internal user I get SSO? Any help is greatly appreciated since I'm in a SharePoint migration.
Another question: is the 'Stay Logged in' checkbox which is present on the Microsoft Office365 federation services available in ADFS 3.0? And if so, how do I enable it?