Okay, so I have a Dynamics CRM 2011 environment running with IFD configured. CRM is running Update Rollup 11, ADFS 2.0 has no Update Rollups installed. All servers in the environment are 2008R2.
Our in-house developers have created a web app that serves documents through to CRM. When signed in using the browser, this functionality works as expected. However, when accessed via Outlook, when the link for the file is clicked, Outlook spawns iexplore.exe - the problem with this, it seems, is that Outlook does not pass its ADFS auth over into Internet Explorer, and thus the end user is presented with an ADFS login page. This is inconvenient.
Is there a way for me to make some configuration changes, either to Outlook, IE, CRM, or ADFS to make the behavior I desire function?
Thanks in advance, and feel free to ask for additional information. I'll provide as necessary.
If the user is logged in via AD, pass-through auth should work in IE. You might need to go in and trust the web server so it does not prompt the locally logged-in user for auth.
If they are outside the domain and have to log in, then you'll probably be stuck. Outlook auths into the hub transport/Exchange server (depending on version) for auth. So it is completely separate from ADFS. I guess a different question would be how is the user logged into ADFS via Outlook? I was under the impression ADFS doesn't work for Outlook. So they would always need to log in to both. But that is based on reading, not actual practice.
You could install a cert on the client side and the webapp could dish out the files based on trusting the machine, but that leaves lots of security holes. I assume you were trying to make life easier on the users so they only had to log in once?
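
One way to check the "trust the web server" suggestion on a domain-joined client, as an added example that is not part of the original thread: the script reports which IE security zone the host that shows the login prompt falls into and whether that zone sends the logged-on user's credentials automatically. The host name `adfs.example.com`, the parameter names and the `-Apply` switch are assumptions made for this example.

```powershell
# Added example (not from the thread). Host name parts are constructed placeholders.
param(
    [string]$Domain    = 'example.com',  # placeholder: registrable domain of the host
    [string]$SubDomain = 'adfs',         # placeholder: host label of the login endpoint
    [switch]$Apply                       # without -Apply the script only reports
)

$inet    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$siteKey = Join-Path $inet "ZoneMap\Domains\$Domain\$SubDomain"
$zoneKey = Join-Path $inet 'Zones\1'     # zone 1 = Local intranet

# 1. Is https://<SubDomain>.<Domain> mapped to a zone for this user? (1 = Local intranet)
$mapped = $null
if (Test-Path $siteKey) {
    $mapped = (Get-ItemProperty -Path $siteKey -Name https -ErrorAction SilentlyContinue).https
}
if ($null -eq $mapped) { $mappedText = 'not mapped (treated as Internet zone)' }
else                   { $mappedText = "zone $mapped" }
"https://$SubDomain.$Domain is $mappedText"

# 2. Logon policy (setting 1A00) for the Local intranet zone.
$logon = (Get-ItemProperty -Path $zoneKey -Name 1A00 -ErrorAction SilentlyContinue).'1A00'
switch ($logon) {
    0       { 'Intranet zone: automatic logon with current user name and password' }
    0x10000 { 'Intranet zone: prompt for user name and password' }
    0x20000 { 'Intranet zone: automatic logon only in Intranet zone' }
    0x30000 { 'Intranet zone: anonymous logon' }
    default { 'Intranet zone: 1A00 not set for this user, defaults apply' }
}

# 3. Optionally map only this one host, and only for https.
#    Every host in the Intranet zone is sent the user's Windows credentials
#    without a prompt, so avoid wildcards and whole-domain entries.
if ($Apply) {
    if (-not (Test-Path $siteKey)) { New-Item -Path $siteKey -Force | Out-Null }
    New-ItemProperty -Path $siteKey -Name https -Value 1 -PropertyType DWord -Force | Out-Null
    "Mapped https://$SubDomain.$Domain to the Local intranet zone for the current user"
}
```

If the zone list is managed by Group Policy (Site to Zone Assignment List), the per-user mapping written here is ignored and the host has to be added to that policy instead.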