I have configured SSO for Google Apps. I am able to log into the Google SSO fine from our internal networks. However, when I try and access it from an internet network (external to our corporate LAN) I get a "401 - unauthorized page". I am getting the Google SSO "splash page" stating that I am being redirected to my federation server as expected, but then I do not get prompted for my Active Directory (AD) credentials. The 401 page comes up without asking for any AD credentials.
I can do a nslookup for our federation.ourdomain.com and it brings back the correct IP address for the hardware balancer sitting in front of our paired ADFS proxy servers. A nslookup from within our LAN brings back the hardware balancer in front of our internal ADFS server pair as expected as well.
When I check the security and ADFS event logs, there are no events on either the internal ADFS pair nor the proxy ADFS pair when I attempt a log in.
Any ideas?