I did setup an external Relying Party Trust in ADFS as part of the IFD configuration. After setting this up I see 3 identifiers, i.e.
https://auth.[domain].com/ (ApplicationServiceEndpoint & PassiveRequestorEndpoint)
https://dev.[domain].com/ (TargetScopes)
https://[???].[domain].com/ (TargetScopes)
The part in brackets is what I found in
https://auth.[domain].com/federationmetadata/2007-06/federationmetadata.xml. So here are my questions:
1) What is the [???]? Is that the "Unique Database Name" = "Organization Name" as entered during the setup of CRM 2011?
2) Right now my external access is through
https://[???].[domain].com/ Can I somehow change this to
https://crm.[domain].com?
3) Is there any reason to have a different URL for internal access (https://internalcrm.[domain].com) instead of using the same as for external access? I believe both are supposed to point to the server on which
CRM is deployed (rather than the server where ADFS is deployed) so it should not matter, or does it?