After entering your federated domain account in a browser, are you being redirected to your internal domain name (e.g. adfs.contoso.local) instead of your public domain name (e.g. adfs.publicdomain.com)?
- RDP to your ADFS server
- Install and open the Windows Azure Active Directory PowerShell; for more details see this blog post
- Execute "Get-MsolFederationProperty -DomainName" with your external domain name, e.g. "adfs.myexternaldomain.com"
PS C:\Windows\system32> Get-MsolFederationProperty -DomainName adfs.myexternaldomain.com
Source : ADFS Server
ActiveClientSignInUrl : https://adfs.contoso.local/adfs/services/trust/2005/usernamemixed
FederationServiceDisplayName : Contoso Corporation
FederationServiceIdentifier : http://adfs.contoso.local/adfs/services/trust
FederationMetadataUrl : https://adfs.contoso.local/adfs/services/trust/mex
PassiveClientSignInUrl : https://adfs.contoso.local/adfs/ls/
PassiveClientSignOutUrl : https://adfs.contoso.local/adfs/ls/
<more stuff here, not listed>
- The output above will likely reference your local (internal) domain name.
- Open AD FS management, go to “Edit Federation Service Properties”
- Change the references from the internal domain name to the public domain names.
- If this is already the correct information, continue with the following steps anyway.
- Hit OK and close AD FS management
- In the PowerShell window, execute Update-MsolFederatedDomain -DomainName "adfs.myexternaldomain.com"
Check by using "Get-MsolFederationProperty -DomainName adfs.myexternaldomain.com" or your browser to see if you are being redirected to the correct URL this time.
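The check-and-update steps above can be scripted so that every federation URL is compared against the public host name before and after the update. This is an added example, not part of the original post; the helper name Get-FederationUrlMismatch and the $Domain and $PublicHost values are assumptions to replace with your own, and it expects to run on the AD FS server with the MSOnline module installed.

```powershell
# Added example: flag federation URLs that do not point at the public host name.
param(
    [string]$Domain     = 'adfs.myexternaldomain.com',  # federated domain used on this page
    [string]$PublicHost = 'adfs.publicdomain.com'       # assumed public AD FS host name
)

Import-Module MSOnline
Connect-MsolService    # prompts for an administrator of the tenant

# URL-valued properties shown in the Get-MsolFederationProperty output
$urlProperties = 'ActiveClientSignInUrl', 'FederationServiceIdentifier',
                 'FederationMetadataUrl', 'PassiveClientSignInUrl',
                 'PassiveClientSignOutUrl'

function Get-FederationUrlMismatch {   # hypothetical helper name
    param([string]$DomainName, [string]$ExpectedHost)
    # One object is returned per source (the AD FS server and the cloud side)
    foreach ($entry in Get-MsolFederationProperty -DomainName $DomainName) {
        foreach ($name in $urlProperties) {
            $value = $entry.$name
            if (-not $value) { continue }
            $uriHost = ([uri]$value).Host
            if ($uriHost -ne $ExpectedHost) {
                [pscustomobject]@{ Source = $entry.Source; Property = $name
                                   Host = $uriHost; Url = $value }
            }
        }
    }
}

$before = @(Get-FederationUrlMismatch -DomainName $Domain -ExpectedHost $PublicHost)
$before | Format-Table -AutoSize

# If the AD FS side still lists another host, fix it in AD FS Management first
if ($before | Where-Object { $_.Source -eq 'ADFS Server' }) {
    Write-Warning 'AD FS still references a non-public host. Edit Federation Service Properties, then rerun.'
    return
}

# Run the update even when everything already looks correct, as the steps advise
Update-MsolFederatedDomain -DomainName $Domain

$after = @(Get-FederationUrlMismatch -DomainName $Domain -ExpectedHost $PublicHost)
if ($after.Count -eq 0) { 'All federation URLs use {0}.' -f $PublicHost }
else { $after | Format-Table -AutoSize }
```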