Directory Programming .NET

Active Directory and ADAM programming support for .NET developers

ADFS issue with internal users

Last post 05-27-2008, 8:01 AM by natebell. 2 replies.
  •  05-15-2008, 5:33 PM 3572

    ADFS issue with internal users

    Hello:

    I followed the guide http://technet.microsoft.com/en-us/library/cc287811.aspx to deploy ADFS with WSS 3.0. It works fine and I can authenticate the external users (adatum). But I have an issue with the internal user (treyresearch). When I type the https://extranet.treyresearch.net URL and select the Trey Research option from discoverclientrealm.aspx, it shows me the login window. I type the credentials for Terry Adams, and then WSS shows me "access denied, you are currently signed in as: terrya@treyresearch.net". It was weird because when I create a group claim, map it to an internal group, then give that group claim access inside the resource role for the web application and give the group access inside WSS, I can access WSS as Terry Adams.

    Is there some issue where internal users cannot access WSS directly and I have to create group claims?

    Did I do something wrong, and can the internal users be authenticated from the adfsweb URL and from the extranet URL?

    Thanks

  •  05-27-2008, 3:06 AM 3669 in reply to 3572

    Re: ADFS issue with internal users

    I am not entirely sure that I follow the question, but it sounds as though you are asking whether or not an internal user can access the WSS site without needing to use ADFS. In this case, the answer is unfortunately no: when the site is configured for ADFS integration, all authn/authz must come through the ADFS servers.

    So in short, even though your users are internal, they still have to use ADFS to access the site.

  •  05-27-2008, 8:01 AM 3676 in reply to 3669

    Re: ADFS issue with internal users

    Also, if they are internal and they are seeing a login screen they shouldn't be (i.e. an IWA login screen), you will need to add all necessary servers to the trusted sites list; then it will take the user's current login and pass it through. After I did that, my internal users no longer saw the login screen and could just browse to the app and be logged in already.
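
    A worked example to go with the reply above. This script is added here and is not the poster's own; it assumes Internet Explorer on the client (what a 2008-era WSS/ADFS deployment used), reads and writes the per-user ZoneMap registry key that backs the "Local intranet" and "Trusted sites" lists, and uses the thread's extranet.treyresearch.net host plus a placeholder name for the ADFS logon server. Zone 1 is Local intranet, where IE's default logon setting already passes the current credentials; zone 2 is Trusted sites, which only does so if that zone's logon setting is changed, so the script reports which zone a host landed in rather than assuming either list is enough.

```powershell
# Added example (not from the thread): report which IE security zone each host is mapped
# to for the current user, and provide a function to map a host so IWA can pass the
# logged-on user's credentials instead of prompting.

$Hosts = @(
    'extranet.treyresearch.net',   # WSS site named in the thread
    'adfsweb.example.invalid'      # placeholder for the ADFS logon server; replace it
)

# Zone ids as stored under ZoneMap: 1 = Local intranet, 2 = Trusted sites.
$LocalIntranet = 1
$TrustedSites  = 2

$ZoneMapRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

function Get-ZoneMapKey {
    param([string]$HostName)
    # ZoneMap stores "host.domain.tld" as Domains\domain.tld\host, with a DWORD per scheme.
    $parts = $HostName.Split('.')
    if ($parts.Length -lt 2) { return Join-Path $ZoneMapRoot $HostName }
    $domain = ($parts[1..($parts.Length - 1)]) -join '.'
    return Join-Path (Join-Path $ZoneMapRoot $domain) $parts[0]
}

function Get-HostZone {
    param([string]$HostName)
    $key = Get-ZoneMapKey -HostName $HostName
    if (-not (Test-Path $key)) { return $null }   # no explicit mapping for this host
    $props = Get-ItemProperty -Path $key
    foreach ($scheme in 'https', 'http', '*') {
        if ($null -ne $props.$scheme) { return [int]$props.$scheme }
    }
    return $null
}

function Set-HostZone {
    param([string]$HostName, [int]$Zone)
    $key = Get-ZoneMapKey -HostName $HostName
    New-Item -Path $key -Force | Out-Null
    # Map only https: an http mapping would let the browser hand credentials to a
    # cleartext site with the same name. Map exact hosts, never the whole domain.
    New-ItemProperty -Path $key -Name 'https' -Value $Zone -PropertyType DWord -Force | Out-Null
}

foreach ($h in $Hosts) {
    $zone = Get-HostZone -HostName $h
    if ($zone -eq $LocalIntranet) {
        "$h -> Local intranet: current credentials are passed through by default"
    } elseif ($zone -eq $TrustedSites) {
        "$h -> Trusted sites: credentials pass through only if that zone's logon setting allows it"
    } else {
        "$h -> not explicitly mapped; to fix: Set-HostZone -HostName $h -Zone $LocalIntranet"
    }
}
```

Run it as the affected user, since the key is under HKCU; in a domain this is normally pushed by Group Policy (Site to Zone Assignment List) rather than set per machine. If the machine has IE Enhanced Security Configuration enabled, the same layout lives under the sibling EscDomains key instead.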