web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Should CRM Claims URL ...
Microsoft Dynamics CRM (Archived)

Should CRM Claims URL work through ADFS 3.0 with Web Application Proxy

(0) ShareShare
ReportReport
Posted on by Community Member

I have CRM set up using ADFS 3.0.  Everything is fine inside my LAN.  I can log in using both Claims (https://crmint.domain.com/orgname) and IFD (https://orgname.domain.com).  I then configured a web application proxy (currently my CRM URLs are just exposed and not published through it, so I'm only using it for ADFS authentication).  https://orgname.domain.com works fine when I hit it from the outside, but hitting https://crmint.domain.com/orgname generates an error: "An error occurred. Contact your administrator for more information."

This setup worked fine with ADFS 2.0 without any ADFS Proxy, and this is my firs time working with WAP, so I'm not sure if this is normal and the URL shouldn't ever work, or if something is set up wrong on my end.

The computers I'm testing with are domain joined so I would think this should work.

Thoughts?

*This post is locked for comments

I have the same question (0)
  • razdynamics Profile Picture
    razdynamics 17,308 User Group Leader on at

    Hi Alex

    Using ADFS 3.0 and accessing CRM will result in the error you see above. This is due to the way ADFS 3.0 handles security—it doesn’t utilize IIS anymore. To resolve the error, follow these steps:

    Open your ADFS 3.0 management console and click Authentication Policies, then click Edit.

    Make sure you haved ticked/checked the following options within your security settings.

    Extranet:

    Forms Authentication

    Internet Authentication:

    Forms Authentication

    Windows Authentication

    Restart ADFS service and attempt to access CRM again.

    Kindly Tick 'Yes' to verify :)

    Best Wishes, Raz

  • Community Member Profile Picture
    Community Member on at

    Raz,

    Thanks for the thought. We already have that set on the ADFS 3.0 server. Any other ideas? Is there something on the Web App Proxy that needs to be set? Am I wrong for thinking this should work?

    -Alex

  • Community Member Profile Picture
    Community Member on at

    I still haven't been able to figure out what's going on.  The Error on The ADFS 3.0 server Event log is:

    Encountered error during federation passive request.

    Additional Data

    Protocol Name:

    wsfed

    Relying Party:

    crmbetaint.greenbeacon.com

    Exception details:

    Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.InvalidAuthenticationTypePolicyException: MSIS7102: Requested Authentication Method is not supported on the STS.

    Everyone else suggests the same thing that Raz suggested, but that's how my system is set and I'm still getting this error.

    I'd love to hear from someone who has this setup implemented to verify that it should work, and from anyone with any other thoughts.

    Thanks.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans