Here is another little tip for your IFD configuration. Once IFD is configured you need to remove the normal HTTP binding and leave just the HTTPS binding in IIS, otherwise you’ll start seeing the following errors in your trace logs.
ClaimsAuthenticationEndpointBuilder: SSL-OffLoading has not been enabled but scheme passed in is http
>CreateDefaultEndpointBinding returned null for address:
http://crmserver1.org.com/XRMServices/2011/Discovery.svc