Let me preface that I'm not near the server at the moment so I cannot give a direct readout of any error messages.
We have implemented an ADFS 3.0 Server and are using Microsoft's included SSO webpage. We are having a problem with the UPNs of the subdomain not working correctly on the extranet using forms authentication. It is easier to describe the problem:
We have a domain with a subdomain. For all intents and purposes, the suffix of the users with a UPN in the main domain is user@abc.com. Subdomain users' UPNs are user@xyz.abc.com.
On the SSO site, the UPN will work for sign-in on the main domain, but it will error out with the UPN for the subdomain. For example: Apples@abc.com will log in, but bananas@xyz.abc.com will not work. To further confuse the matter, xyz\bananas will allow you to log in, as will bananas@xyz (with nothing after xyz in the suffix). For clarification on this prior point, the subdomain's actual name IS xyz, so xyz\ should work no matter what, as should @xyz, due to the continuation of the domain that follows being "understood" by SSO.
To clear all of this up and give the abridged version: typing in the UPN of a user of the main domain works, but typing in the UPN of a user in the subdomain will not work. Everything SEEMS to be configured correctly in ADFS and Active Directory. If anyone else has run into something similar, I would greatly appreciate any tips or suggestions. At the moment, it feels like a problem with the forms themselves.
To give just a bit more information, the same site on the intranet works fine when we use Windows Authentication. We temporarily turned off Windows Authentication and used forms authentication internally, and the UPN of the subdomain worked with no problem.
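As an added diagnostic (not part of the original post, and not an answer to it), the following PowerShell checks what Active Directory itself returns for the subdomain UPN, so the "everything seems configured correctly" assumption can be verified before looking at the ADFS forms. It assumes the RSAT ActiveDirectory module is installed, that the account running it can read the forest, and it reuses the post's placeholder names (abc.com, xyz.abc.com, bananas); the function names and variables are this example's own.

```powershell
# Added example, not from the original post. Assumes the RSAT ActiveDirectory
# module and read access to the forest. Domain/user names are the post's placeholders.
Import-Module ActiveDirectory

$ForestRoot  = 'abc.com'          # forest root domain from the post
$ChildDomain = 'xyz.abc.com'      # subdomain from the post
$TestUpn     = 'bananas@xyz.abc.com'

function Get-UpnSuffixReport {
    param([string]$Forest)
    $f = Get-ADForest -Identity $Forest
    # Each domain's DNS name is an implicit UPN suffix for that domain; the
    # UPNSuffixes property lists only the alternative suffixes added at forest level.
    [pscustomobject]@{
        Domains          = $f.Domains
        ExplicitSuffixes = $f.UPNSuffixes
    }
}

function Test-UpnResolves {
    param([string]$Upn, [string]$Server)
    # The -Filter string is a PowerShell AD filter expression; a single-quoted
    # literal inside it is matched exactly against the stored attribute.
    $u = Get-ADUser -Filter "UserPrincipalName -eq '$Upn'" -Server $Server `
                    -Properties UserPrincipalName, SamAccountName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Upn       = $Upn
        Server    = $Server
        Found     = [bool]$u
        Sam       = if ($u) { $u.SamAccountName } else { $null }
        StoredUpn = if ($u) { $u.UserPrincipalName } else { $null }
    }
}

Get-UpnSuffixReport -Forest $ForestRoot | Format-List

# 1. Ask a DC of the child domain directly.
Test-UpnResolves -Upn $TestUpn -Server $ChildDomain

# 2. Ask a forest-root global catalog on port 3268, which is what a forest-wide
#    lookup issued against the root would consult.
$gc = (Get-ADForest -Identity $ForestRoot).GlobalCatalogs | Select-Object -First 1
Test-UpnResolves -Upn $TestUpn -Server "${gc}:3268"
```

Run it from a machine joined to either domain. The first object shows which suffixes the forest knows about; the two `Test-UpnResolves` results show whether the exact string users type on the SSO form (`bananas@xyz.abc.com`) is what is stored on the account, and whether both the child DC and the root global catalog return the same user. A mismatch between `StoredUpn` and the typed value, or a `Found` of `$false` from one of the two servers, narrows the problem to AD data or replication rather than to the forms themselves; identical, successful results point the other way.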