I have another funny problem that came up while doing a deploy. I have a CRM2013 on a clustered server (full deployment). Everything seemed to work fine until I tried to enable IFD. All the federation metadata URLs are responding well, so I thought it would be a painless setup. I set up ADFS, configured the certificates on both server 1 and 2, and registered the DNS on the virtual address of the cluster. The problem is that every time I try to hit the internal address, IIS replies as if the page doesn't exist.
It looks like the request to the token server sts.contoso.com/auth... is not going through for some reason. Now the HTTP sites are opening without problems, and access to the external address answers with the correct ADFS login screen (this notices if the user exists and the password is correct, but it's not letting me in).
The problem was with the ADFS server. For some reason it was looking for 2 properties in the certificate that were breaking the trust chain. Sadly, the error wasn't reported in the Event Viewer (I think because of the NLB configuration).