Recently I was helping a customer to implement ADFS for a Office 365 deployment.
We had built a Dir-Sync server and 2 ADFS servers on the internal network. We had added 2 ADFS proxies to a DMZ network that was being published by Forefront TMG, but TMG was not doing the authentication. All the necessary ports was opened.
When testing to the Office 365 portal authentication on the internal network it completed successfully, however when testing from an external client we was receiving the following error
To resolve this issue we had to disable the “Apply link translation to this rule” on the rule where the ADFS URL is published in TMG.
All external test complete successfully afterwards.