I am relatively new to deploying on-premises instances of CRM. I have created a lab environment that has CRM 2011 configured to support users via Windows Authentication. The application is hosted on Windows Server 2008 R2. Ultimately, I would like to extend this configuration to support external users who will authenticate using smart card certificates.
I have found many resources guiding me through deploying and configuring ADFS, reconfiguring CRM, and getting everything set up in the "supported" way. My question is: why is this the supported configuration? What does configuring ADFS provide that simply allowing users to connect to CRM over the web does not? All of my services and users will be hosted in the same domain, and thus I don't see myself with a need to leverage the federation functions of ADFS.
Please keep in mind that I haven't begun configuring my test environment yet, and maybe when I do, the need for ADFS will become clear, but at this point I don't understand what specifically ADFS is providing for a CRM IFD in my case.
Adding ADFS introduces a lot of additional complexity (bad) to my relatively simple environment and I don't understand the benefit.