Hi,
I am currently trying to set up CRM 2015 for claims based authentication. All seems to be going well until I create the relying party in ADFS. When I enter the URL from the log file after configuring in deployment manager, according to the documentation this is suposed to generate just one identifier of the format internalcrm.contoso.com. However mine generates 6 identifiers none in this format. Of course then when I try to navigate to CRM it fails and in the event log it says the identifier is not found :-(
my internal url is internalcrm (same as the documentation)
my adfs url is sts1 (again same as the documentation)
I am not sure where it gete http://sts. from in the first identifier
the url generated after configuration has the correct name https://internalcrm....
both adfs and the internalcrm metadata urls resolve correctly, so not sure what is going wrong.
Any help appreciated?
Regards
Chris
*This post is locked for comments
The relying party identifiers in your screen shot would only come from pointing at the ADFS federation endpoint at <sts1.topss.int/.../federationmetadata.xml>.
Do you have a DNS record setup to resolve internalcrm.topss.int to the IP address of your CRM server?
Also, what does the XML look like on the CRM federation metadata endpoint at <internalcrm.topss.int/.../FederationMetadata.xml>?
Hi,
Unfortunately not, but as we were building a new adfs server anyway it didn't happen on the new server. Apologies for not having a result for you :-(
Chris
Hi Chris, I have the same issue, did you managed to solve this?
Hi,
Yes they are on seperate servers.
I set up ADFs and it gives us a metadata url of
https://sts1.topss.int/federationmetadata/2007-06/federationmetadata.xml
This resolves correctly.
On the CRM server I then configure Claims Based Authentication entering the above url for the metadat url.
When this has completed in the log file it gives the crm metadata url as
https://internalcrm.topss.int/FederationMetadata/2007-06/FederationMetadata.xml
This also resolves correctly.
I then go back on the ADFS server and ad a new relying party and enter the internalcrm url as the source url.
This all works except when it gets to the page with the identifiers tab they are all incorrect :-(
Regards
Chris
Hi
Are ADFS and CRM on seperated server? It seems you are getting itentifier from ADFS server, not from CRM as expected,
André Arnaud de Cal...
291,965
Super User 2025 Season 1
Martin Dráb
230,817
Most Valuable Professional
nmaenpaa
101,156