I am currently configuring ADFS to provide our staff SAML authentication to a partner web application. All is going well enough so far and we've established internal and external access to the partner site via the IdpInitiatedSignOn.aspx page. Internally, SSO is working nicely and, externally, access is being granted through our TMG server.
It is only at this point, when I'm beginning to look at page customization and such that I realize most of that documentation refers to customizing the user web experience of an ADFS proxy server. So now I'm wondering about my "shortcut".
I understand the optimal security of the proxy configuration, but I am also comfortable with the level of security provided by TMG. Is there any reason I shouldn't be?
My other concern was whether there might be fewer/different options for default page configurations and other customizations if not using the proxy. I am hopeful not, but don't want to find out at the last minute.
Finally, this not being a huge implementation by IT standards (3-4K users accessing a partner site over the course of a month), I'm thinking that simplicity is always a nice thing when you can get it. I've even seen a thread here where the post marked as the answer referred to advising clients to think carefully about whether or not they choose to deploy a proxy. I gather from that that it is not a given everyone will deploy a proxy for internet access.
I guess you can tell, I'm trying to talk myself into not having to use a proxy. Am I making a mistake?