ADFS External auth for CRM portals showing Unable to authenticate with the external account provider. - Troubleshooting tips

(0) Share

Report

Posted on by JlAdan_ZA

Adam Pfau this might be in your area of expertise

We are trying to setup a MS CRM portal for external ADFS auth, We have done the config, its takes you to the ADFS login page, where the login does occur, however once it redirects back to the portal we are presented with "Unable to authenticate with the external account provider".

How do we go about troubleshooting this?

I have the same question (0)

All responses (7)

Answers (0)

Sort by

Community Member on at

Like (0)

Report
Copy link

Link copied!

Hi,

Are you using Azure AD Connect ? I assume it has an event log that you can trace?

Was this reply helpful? Yes No
JlAdan_ZA 15 on at

Like (0)

Report
Copy link

Link copied!

It's on prem ADFS, which unfortunately we dont have direct access to. However its been reported to us that there are no errors on that side. We can also see the passback from the ADFS server hitting the portal after the login.

There is clearly something mis configured somewhere so we are trying to troubleshoot somewhat blind at the moment. Would enabling portal logging assist at all, or would all the errors only be on the ADFS side?

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report
Copy link

Link copied!

If a setting is not configured correctly on the portal then enabling portal error log may help as well.

Was this reply helpful? Yes No
JlAdan_ZA 15 on at

Like (0)

Report
Copy link

Link copied!

OK we will look into doing that, will need to get auth from their IT department for the blob storage so that might take some time. Is there anything we can check on the dev tools side in the browser, or some items in the config we can double check in the meantime?

Its entirely possible we have missed something on our side so any reference material would also be welcome so we can double check we have done our end correctly.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report
Copy link

Link copied!

Wondering if the network tab in chrome dev tools shows anything weird when the call back happens?

Was this reply helpful? Yes No
JlAdan_ZA 15 on at

Like (0)

Report
Copy link

Link copied!

We do see the call back initiated from ADFS, no errors or anything like that immediately screams a problem. If we had what a proper call back would look like we could do a compare

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report
Copy link

Link copied!

so basically, this call back is handled by some end point on the portal, which means, if something is wrong in handling that call back, the portal should "theoretically" through an error in the log which you don't have handy now.

Now, in the mean time,while waiting on enabling the log for the portal, spin off a dummy ASP.NET application (the same portal technology) and try to implement the authentication with the same values you used for the portal on that application. You should find plenty of articles on how to do that online. I'm pretty sure you will face the same issue (unless the portal itself has a bug) and you can debug the code and know the problem.

Was this reply helpful? Yes No