Authentication question for specific setup

Can somebody send me in the right direction which New-UDAuthenticationMethod to use in our environment? Also regarding https. This will be a messy post but I’m completely lost and any tips or pointing out my stupidity is welcome.

I have come very far providing automation scripts with UD as the web GUI. Now we need authentication to put it in production. I have very little experience with reverse proxies and ADFS.

My UDDashboard runs on a domain-joined Windows server; let's say the domain is companyname.intra. It runs on port 10001.

We have an Apache reverse proxy that makes the dashboard available on https://subdomain.companyname.com (it forwards port 80 to 10001 and also redirects to https using the companyname.com certificate). It is managed by a different team than mine.

Lastly we have ADFS set up with a url https://adfs.companyname.com/

Here's what works (server.ip.address is the actual IP address of the server that runs UD).
To configure ADFS, I followed this guide: https://docs.universaldashboard.io/security/authentication/ws-federation

Start-UDDashboard -Content {
    # WS-Federation against ADFS; the realm is the dashboard URL as reached directly on the server
    $Authentication = New-UDAuthenticationMethod -MetadataAddress 'https://adfs.companyname.com/FederationMetadata/2007-06/FederationMetadata.xml' -Wtrealm 'https://server.ip.address:10001'
    $LoginPage = New-UDLoginPage -AuthenticationMethod $Authentication

    New-UDDashboard -Title "Line" -Content {
        New-UDRow -Columns {
            New-UDColumn -Size 12 -Endpoint {
                New-UDHeading -Text "Logged in as $user"
            }
        }
    } -LoginPage $LoginPage
} -Wait -Port 10001 -AllowHttpForLogin

So it works without the Apache reverse proxy. If I start the dashboard with the subdomain like this:

Start-UDDashboard -Content {
    # Same setup, but the realm is the dashboard URL as reached through the reverse proxy
    $Authentication = New-UDAuthenticationMethod -MetadataAddress 'https://adfs.companyname.com/FederationMetadata/2007-06/FederationMetadata.xml' -Wtrealm 'https://subdomain.companyname.com:10001'
    $LoginPage = New-UDLoginPage -AuthenticationMethod $Authentication

    New-UDDashboard -Title "Line" -Content {
        New-UDRow -Columns {
            New-UDColumn -Size 12 -Endpoint {
                New-UDHeading -Text "Logged in as $user"
            }
        }
    } -LoginPage $LoginPage
} -Wait -Port 10001 -AllowHttpForLogin

Then the login page loads, but after logging in I see this error in the ADFS event log:
'A token with a bad token binding key was found.'

If I then change the 'WS-Federation Passive Endpoints' entry in the Relying Party Trust in ADFS from https://subdomain.companyname.com to https://subdomain.companyname.com/login, I get this error instead: 'Bad username or password'.
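For reference, an Apache reverse-proxy virtual host of the kind described in this post, added here as an example and not the poster's or the proxy team's actual configuration. The certificate paths and the backend address are placeholders, and it assumes the backend uses the X-Forwarded-* headers to build its https return URLs.

```apache
# Assumed Apache vhost for the UD dashboard behind TLS termination (example only).
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers.
# Placeholders: the /etc/ssl/company/* paths and the backend address server.ip.address.
<VirtualHost *:80>
    ServerName subdomain.companyname.com
    # Plain http is only used to send the browser to https
    Redirect permanent / https://subdomain.companyname.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName subdomain.companyname.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/company/companyname.com.crt
    SSLCertificateKeyFile /etc/ssl/company/companyname.com.key

    # Keep the public Host header so the backend sees subdomain.companyname.com,
    # and tell it the original scheme was https so any URLs it builds use https
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Host  "subdomain.companyname.com"

    # UD listens on plain http on the internal port; only the proxy is exposed
    ProxyPass        / http://server.ip.address:10001/
    ProxyPassReverse / http://server.ip.address:10001/
</VirtualHost>
```

With a proxy like this the browser only ever sees https://subdomain.companyname.com without the internal port, so the assumption is that the realm given to New-UDAuthenticationMethod and the WS-Federation passive endpoint on the ADFS relying party trust are both that public URL; whether UD honours the X-Forwarded-* headers is something to verify against its own documentation.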