Microsoft Dynamics CRM (Archived)

Page Loop Issue with Dynamics CRM 2016 SP1 and IFD


Hello,

I have a CRM2016 SP1 deployment that uses IFD and PingFederate.

I have managed to install the corresponding certificates and configure IFD, but when I connect to CRM, I get redirected to PingFederate. My user is found and validated, and I get as an answer from Ping a valid SAML token (I can only suppose it is valid), in which my email and user name are to be found.

In the CRM trace, it looks strange to me that the organization is found, but the user SID is missing in the SQL query (exec p_GetCrmUserId 'c2dc245c-65b2-e611-80c6-005056a185b1', 'W:'). This means to me that the SAML token could not be read correctly by CRM (or is in a wrong format).

Did anyone see something like this?

Could anyone give me some ideas what could go wrong here?

Thank you in advance!

CRM Trace:

>MapOrgEngine: Retreived the OrgId[{C2DC245C-65B2-E611-80C6-005056A185B1}] for URL[https://myApp.corp/default.aspx].
[2017-03-14 14:37:14.445] Process: w3wp |Organization:00000000-0000-0000-0000-000000000000 |Thread:   18 |Category: Shared |User: 00000000-0000-0000-0000-000000000000 |Level: Verbose |ReqId: fa1e4464-e6b4-4328-8493-2d053a31cdee | CrmDbConnection.Open  ilOffset = 0x2E
>ConnectionString: Data Source=SqlSrv\INSTPCH4,51436;Initial Catalog=MSCRM_CONFIG;Integrated Security=True;Min Pool Size=2;Connect Timeout=150;Workstation ID=myWStation.w3wp.
[2017-03-14 14:37:14.445] Process: w3wp |Organization:00000000-0000-0000-0000-000000000000 |Thread:   18 |Category: Platform.Sql |User: 00000000-0000-0000-0000-000000000000 |Level: Verbose |ReqId: fa1e4464-e6b4-4328-8493-2d053a31cdee | CrmDbConnection.InternalExecuteReader  ilOffset = 0x1C
>exec p_GetCrmUserId 'c2dc245c-65b2-e611-80c6-005056a185b1', 'W:'
[2017-03-14 14:37:14.461] Process: w3wp |Organization:00000000-0000-0000-0000-000000000000 |Thread:   18 |Category: Exception |User: 00000000-0000-0000-0000-000000000000 |Level: Error |ReqId: fa1e4464-e6b4-4328-8493-2d053a31cdee | CrmException..ctor  ilOffset = 0x9
 at CrmException..ctor(String message, Exception innerException, Int32 errorCode, Boolean isFlowControlException, TraceCategory traceCategory)  ilOffset = 0x9
 at CrmException..ctor(String message, Exception innerException, Int32 errorCode)  ilOffset = 0x6
 at Exceptions.ThrowIfEmpty(String value, String parameterName)  ilOffset = 0x1A
 at ClaimsUtility.GetSecurityIdentifier(ClaimsPrincipal principal)  ilOffset = 0x23
 at ActiveDirectoryUserInformation.MatchExistingUser(ClaimsPrincipal principal, Guid organizationId, String userAuth)  ilOffset = 0x2B
 at ClaimsIdentityAuthorizationManager.DoRecognizeUser(ClaimsPrincipal principal, Guid organizationId, Guid& userId)  ilOffset = 0x68
 at ClaimsIdentityAuthorizationManager.CheckAccess(AuthorizationContext context)  ilOffset = 0x1A1
 at CrmSessionAuthenticationManager.AuthenticateSessionSecurityToken(SessionSecurityToken sessionToken, Boolean writeCookie)  ilOffset = 0x17F
 at WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)  ilOffset = 0x141
 at WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)  ilOffset = 0x1D
 at CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)  ilOffset = 0xC0
 at SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()  ilOffset = 0x5D
 at HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)  ilOffset = 0x15
 at ApplicationStepManager.ResumeSteps(Exception error)  ilOffset = 0x10A
 at HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)  ilOffset = 0x5C
 at HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)  ilOffset = 0x16A
 at ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)  ilOffset = 0x4B
>Crm Exception: Message: Expected non-empty string., ErrorCode: -2147220989, InnerException: System.ArgumentException: Expected non-empty string.
Parameter name: userPrincipalName
[2017-03-14 14:37:14.461] Process: w3wp |Organization:c2dc245c-65b2-e611-80c6-005056a185b1 |Thread:   18 |Category: Platform.Authentication |User: 00000000-0000-0000-0000-000000000000 |Level: Error |ReqId: fa1e4464-e6b4-4328-8493-2d053a31cdee | ClaimsIdentityAuthorizationManager.CheckAccess  ilOffset = 0x1A1
>HostName:  myApp.corp, UserId: {00000000-0000-0000-0000-000000000000}, Context: ClaimsIdentityAuthorizationManager.CheckAccess(), Exception details: Microsoft.Crm.CrmArgumentException: Expected non-empty string. ---> System.ArgumentException: Expected non-empty string.
Parameter name: userPrincipalName
   --- End of inner exception stack trace ---
   at Microsoft.Crm.Exceptions.ThrowIfEmpty(String value, String parameterName)
   at Microsoft.Crm.Authentication.Claims.ClaimsUtility.GetSecurityIdentifier(ClaimsPrincipal principal)
   at Microsoft.Crm.Authentication.ActiveDirectoryUserInformation.MatchExistingUser(ClaimsPrincipal principal, Guid organizationId, String userAuth)
   at Microsoft.Crm.Authentication.ClaimsIdentityAuthorizationManager.DoRecognizeUser(ClaimsPrincipal principal, Guid organizationId, Guid& userId)
   at Microsoft.Crm.Authentication.ClaimsIdentityAuthorizationManager.CheckAccess(AuthorizationContext context)
[2017-03-14 14:37:14.461] Process: w3wp |Organization:c2dc245c-65b2-e611-80c6-005056a185b1 |Thread:   18 |Category: Platform.Authentication |User: 00000000-0000-0000-0000-000000000000 |Level: Error |ReqId: fa1e4464-e6b4-4328-8493-2d053a31cdee | AuthenticationTelemetryUtilities.LogException  ilOffset = 0xAE
>HostName: myApp.corp, UserId: {00000000-0000-0000-0000-000000000000}, Context: InnerException of Microsoft.Crm.CrmArgumentException, ClaimsIdentityAuthorizationManager.CheckAccess(), Exception details: System.ArgumentException: Expected non-empty string.
Parameter name: userPrincipalName
[2017-03-14 14:37:14.461] Process: w3wp |Organization:c2dc245c-65b2-e611-80c6-005056a185b1 |Thread:   18 |Category: Platform.Authentication |User: 00000000-0000-0000-0000-000000000000 |Level: Info |ReqId: fa1e4464-e6b4-4328-8493-2d053a31cdee | CrmAuthorizationUtility.HandleAuthenticationException  ilOffset = 0x3B
>AccessDenied. HostName: myApp.corp, UserId: {00000000-0000-0000-0000-000000000000}, Context: CrmAuthorizationUtility.HandleAuthenticationException() failed with Microsoft.Crm.CrmArgumentException: Expected non-empty string. ---> System.ArgumentException: Expected non-empty string.
Parameter name: userPrincipalName
   --- End of inner exception stack trace ---
   at Microsoft.Crm.Exceptions.ThrowIfEmpty(String value, String parameterName)
   at Microsoft.Crm.Authentication.Claims.ClaimsUtility.GetSecurityIdentifier(ClaimsPrincipal principal)
   at Microsoft.Crm.Authentication.ActiveDirectoryUserInformation.MatchExistingUser(ClaimsPrincipal principal, Guid organizationId, String userAuth)
   at Microsoft.Crm.Authentication.ClaimsIdentityAuthorizationManager.DoRecognizeUser(ClaimsPrincipal principal, Guid organizationId, Guid& userId)
   at Microsoft.Crm.Authentication.ClaimsIdentityAuthorizationManager.CheckAccess(AuthorizationContext context)
   at Microsoft.Crm.Authentication.Claims.CrmSessionAuthenticationManager.AuthenticateSessionSecurityToken(SessionSecurityToken sessionToken, Boolean writeCookie).
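
A triage helper for the trace format shown above, as an added example (not part of the original post and not Microsoft code): it groups entries by ReqId and reports whether the p_GetCrmUserId lookup carried an empty identifier, which parameter was rejected as empty, and whether the request ended in AccessDenied. The function name `triage`, the second sample request and its identifier value are constructed for illustration.

```python
import re

# Entry header format as it appears in the CRM platform trace above.
ENTRY = re.compile(r"^\[[^\]]+\] Process: \S+ \|Organization:[0-9a-f-]+ .*?"
                   r"\|Level: (?P<level>\w+) \|ReqId: (?P<req>[0-9a-f-]+) \| ")
SQL_CALL = re.compile(r"exec p_GetCrmUserId '(?P<org>[^']*)', '(?P<auth>[^']*)'")
PARAM = re.compile(r"^Parameter name: (\w+)")

def triage(trace_text):
    """Per ReqId: empty lookup identifier ('W:' with nothing after the colon),
    parameters rejected as empty, and whether the request was denied."""
    findings, req = {}, None
    for line in trace_text.splitlines():
        header = ENTRY.match(line)
        if header:
            req = header["req"]
            findings.setdefault(req, {"empty_lookup": False,
                                      "empty_params": set(), "denied": False})
            continue
        if req is None:
            continue  # detail line seen before any entry header
        f = findings[req]
        call = SQL_CALL.search(line)
        if call:
            f["empty_lookup"] |= call["auth"].partition(":")[2] == ""
        param = PARAM.match(line)
        if param:
            f["empty_params"].add(param[1])
        if line.startswith(">AccessDenied"):
            f["denied"] = True
    return findings

# Constructed sample: the first request is abbreviated from the trace above; the
# second (ReqId 1111...) and its identifier value are invented for contrast.
HDR = ("[2017-03-14 14:37:14.445] Process: w3wp |Organization:00000000-0000-0000-0000-"
       "000000000000 |Thread:   18 |Category: {cat} |User: 00000000-0000-0000-0000-"
       "000000000000 |Level: {lvl} |ReqId: {req} | {site}  ilOffset = 0x1C")
BAD, GOOD = "fa1e4464-e6b4-4328-8493-2d053a31cdee", "11111111-1111-1111-1111-111111111111"
ORG = "c2dc245c-65b2-e611-80c6-005056a185b1"
SAMPLE = "\n".join([
    HDR.format(cat="Platform.Sql", lvl="Verbose", req=BAD, site="CrmDbConnection.InternalExecuteReader"),
    f">exec p_GetCrmUserId '{ORG}', 'W:'",
    HDR.format(cat="Exception", lvl="Error", req=BAD, site="CrmException..ctor"),
    ">Crm Exception: Message: Expected non-empty string., ErrorCode: -2147220989",
    "Parameter name: userPrincipalName",
    HDR.format(cat="Platform.Authentication", lvl="Info", req=BAD, site="CrmAuthorizationUtility.HandleAuthenticationException"),
    ">AccessDenied. HostName: myApp.corp",
    HDR.format(cat="Platform.Sql", lvl="Verbose", req=GOOD, site="CrmDbConnection.InternalExecuteReader"),
    f">exec p_GetCrmUserId '{ORG}', 'W:CONSTRUCTED-IDENTIFIER'",
])
print(triage(SAMPLE))
```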
