I'm deploying a CRM 2013-organization which should be IFD enabled with ADFS + ADFS proxy. CRM and ADFS server are on the same server, and ADFS Proxy is placed in DMZ. All servers are 2012 (not R2!) so I cannot use ADFS 2.2 and WAP.
I'm confused...not about the actual claims/IFD-setup in CRM/ADFS (just following the guide), but how this actually works.
My "problem" is this: When I send a request to "crm.domain.com" where should that go? To the Proxy in the DMZ, or should I open up the firewall to the so that it goes straight through to the CRM (and ADFS) server in the internal network? Wouldn't that break the whole "security" thing? Or does the ADFS Proxy handle this request in another way - DNS, hosts file or something else? The reason for using the proxy, as I've understood it, is to protect the ADFS server (and internal applications), but if I have to open up the firewall from the outside to the inside it wouldn't make much sense.
So I'd like to have it work like this:
crm.domain.com -> || adfs proxy (10.0.0.1) -> || crm-server(192.168.1.1)
and not like this
crm.domain.com -> || -> || 192.168.1.1 (bypassing adfs proxy which I how I think this will be solved).
Or I have I msunderstood something about how the proxy works?
Would a better option be to setup the same infrastructure but with Server 2012 R2 and adfs/wap?
