SP 2013 + ADFS + APPS All On-premises Error - SharePoint Data Not Found

Secenario: 

SharePoint 2013  on Server 2012 R2 with the February 2015 CU   (snuck in by Updates - Thanks Microsoft)  Using ADFS as a TrustedIdentityProvider.
ADFS w/ ADFS WAP on Server 2012 R2 (ADFS 3.0)
2012 - NOT R2 - Web Server with the deployed App - aka Visual Studio Lightswitch with special sauce :) 
Domain Generated Code Singing Certificate from our Domain Cert issuer (so not commercial but not made by Cert Tool either.Everything worked great locally debugging and testing, once I published to the production server (for the App - not SharePoint - IIS Web App Server 2012 -not R2). I get the asp.net Yellow screen of death and possibly the best error message that points directly to a cause (thanks again Microsoft!)

Value cannot be null.
Parameter name: sharePointHostData

So of course since that error makes no sense I fire up fiddler and get this:

<input type="hidden" name="SPAppToken" value="" />
<input type="hidden" name="SPSiteUrl" value="{REMOVED}" />
<input type="hidden" name="SPSiteTitle" value="{REMOVED}" />
<input type="hidden" name="SPSiteLogoUrl" value="" />
<input type="hidden" name="SPSiteLanguage" value="en-US" />
<input type="hidden" name="SPSiteCulture" value="en-US" />
<input type="hidden" name="SPRedirectMessage" value="EndpointAuthorityMatches" />
<input type="hidden" name="SPErrorCorrelationId" value="e0a1f69c-6049-60b8-44c7-7a589eb5361c" />
<input type="hidden" name="SPErrorInfo" value="The Azure Access Control service is unavailable." />

I use the correlationID to check the ULS logs and find:

(first relevant line) exception: Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable.    

(second relevant line) App token requested from appredirect.aspx for site: {GUID} but there was an error in generating it.  This may be a case when we do not need a token or when the app principal was not properly set up

I have an App Principal setup for the site 

I don't have a SharePointContextTokenHelper.cs (or anything like that - Didn't think this was needed. Is it??) 

Based on the ULS Logs it appears the way the App is setup for the site is well... messed up.

Has any one messed with a scenario like this?

Thanks!

-Jon