I am not sure of the best way to configure my CRM 2013 claims-based authentication. I have individuals who work externally and internally with the same computer, either by coming into the office or by connecting via VPN.
I use split DNS, so when outside the office they get the public IP address from CRM and the WAP address for AD FS 3.0. When inside the office or when using VPN they get the internal address for CRM and the internal AD FS server.
The CRM server is set up with the web addresses in Properties for the deployment set to an internal URL, internalcrm.domain.net. Claims-based authentication is configured, and IFD is set up with domain.net.
The external CRM address https://crm.domain.net works as expected (redirect through WAP to the AD FS login page, which authenticates and opens CRM). Internally, if they use the internal URL, this opens CRM. But if someone internal uses the external URL, they get an error in the AD FS login page.
- Activity ID: 00000000-0000-0000-2d00-0080000000bd
- Relying party: crm.interhealthusa.net
- Error time: Mon, 20 Apr 2015 18:45:22 GMT
- Cookie: enabled
- User agent string: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36
How do I configure this so that users do not have to change their CRM/Outlook configuration when they connect via VPN or come into the office?
Thank you.