Skip to main content

Notifications

Microsoft Dynamics CRM (Archived)

Claims Based Authentication - Relying Party Identifier not correct

(0) ShareShare
ReportReport
Posted on by

Hi,

I am currently trying to set up CRM 2015 for claims based authentication. All seems to be going well until I create the relying party in ADFS. When I enter the URL from the log file after configuring in deployment manager, according to the documentation this is suposed to generate just one identifier of the format internalcrm.contoso.com. However mine generates 6 identifiers none in this format. Of course then when I try to navigate to CRM it fails and in the event log it says the identifier is not found :-(

Identifiers.png

my internal url is internalcrm (same as the documentation)

my adfs url is sts1 (again same as the documentation)

I am not sure where it gete http://sts. from in the first identifier

the url generated after configuration has the correct name https://internalcrm....

both adfs and the internalcrm metadata urls resolve correctly, so not sure what is going wrong.

Any help appreciated?

 

Regards

Chris

 

*This post is locked for comments

  • kyleknab Profile Picture
    kyleknab 517 on at
    RE: Claims Based Authentication - Relying Party Identifier not correct

    The relying party identifiers in your screen shot would only come from pointing at the ADFS federation endpoint at <sts1.topss.int/.../federationmetadata.xml&gt;.

    Do you have a DNS record setup to resolve internalcrm.topss.int to the IP address of your CRM server?

    Also, what does the XML look like on the CRM federation metadata endpoint at <internalcrm.topss.int/.../FederationMetadata.xml&gt;?

  • CU13121614-0 Profile Picture
    CU13121614-0 on at
    RE: Claims Based Authentication - Relying Party Identifier not correct

    Hi,

    Unfortunately not, but as we were building a new adfs server anyway it didn't happen on the new server. Apologies for not having a result for you :-(

    Chris

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Claims Based Authentication - Relying Party Identifier not correct

    Hi Chris, I have the same issue, did you managed to solve this?

  • CU13121614-0 Profile Picture
    CU13121614-0 on at
    RE: Claims Based Authentication - Relying Party Identifier not correct

    Hi,

    Yes they are on seperate servers.

    I set up ADFs and it gives us a metadata url of 

    https://sts1.topss.int/federationmetadata/2007-06/federationmetadata.xml

    This resolves correctly.

    On the CRM server I then configure Claims Based Authentication entering the above url for the metadat url. 

    When this has completed in the log file it gives the crm metadata url as 

    https://internalcrm.topss.int/FederationMetadata/2007-06/FederationMetadata.xml

    This also resolves correctly.

    I then go back on the ADFS server and ad a new relying party and enter the internalcrm url as the source url.

    This all works except when it gets to the page with the identifiers tab they are all incorrect  :-(

    Regards

    Chris

  • Ragnar Hilmarsson Profile Picture
    Ragnar Hilmarsson 3,427 on at
    RE: Claims Based Authentication - Relying Party Identifier not correct

    Hi

    Are ADFS and CRM on seperated server? It seems you are getting itentifier from ADFS server, not from CRM as expected,

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Announcing Forum Attachment Improvements!

We're excited to announce that attachments for replies in forums and improved…

Vahid Ghafarpour – Community Spotlight

We are excited to recognize Vahid Ghafarpour as our February 2025 Community…

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,965 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 230,817 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans