I'm not 100% sure I understand what you're asking, but I'll explain what should happen as I understand it.
After you enable Claims-based authentication AND IFD...
Internal
- User hits your internal URL eg. https://crminternal.contoso.com
- User is automatically redirected to the ADFS server eg. https://adfs.contoso.com
- ADFS server authenticates user automatically via AD
- User receives ticket from ADFS
- User is redirected back to CRM and authenticates using ADFS ticket
External
- User hits your external URL eg. https://org.contoso.com
- User is automatically redirected to the ADFS server eg. https://adfs.contoso.com
- ADFS server authenticates user using Login Form
- User receives ticket from ADFS
- User is redirected back to CRM and authenticates using ADFS ticket
If your users are not being automatically authenticated by ADFS via AD, add the ADFS server to your trusted sites and set your trusted sites to 'Logon automatically using Domain username and password' or whatever that setting in IE is called.
If you are not being automatically redirected from CRM to ADFS, something is wrong with your Claims configuration.
--pogo (pat) @
pogo69.wordpress.com