In preparation for a large client who is going live in a couple of months with the same scenario, we set up an internal environment that:
1. Is set up and working properly with ADFS/IFD on Domain A
2. Can federate logins for an external Domain B (separate ADFS server on Domain B talks to ADFS on Domain A)
This works well until we come to a web resource (in this case an HTML/Silverlight web resource) that is linked from the sitemap.
When logging in from Domain B (federated across the 2 ADFS servers), the sitemap link does not work and gives the error shown below. As you can see, it appears there is an additional query parameter 'whr' that is getting tacked on and blows up the CRM Parameter Filter.
I have not yet tried the old CRM 4 trick for not restricting querystring params (I think it was a registry or some other setting) - I assume that will give us a workaround, but wanted to see if anyone has seen this behavior.
Exception message: CRM Parameter Filter - Invalid parameter 'whr=http://sts.XXXXXXXXX.com/adfs/services/trust' in Request.QueryString on page /Handlers/WebResource.ashx
The raw request was 'GET /WebResources/va_/QuickSearch.html?pagemode=iframe&whr=http[%]3a[%]2f[%]2fsts.XXXXXXXXXX.com[%]2fadfs[%]2fservices[%]2ftrust' called from https://orgname.XXXXXXXXX.com/main.aspx.