Claims Based Authentication - generate wrong Relying Party Identifier


Hello,

I am trying to set up claims-based authentication for Dynamics 365 On-Premises.

I have installed and configured AD FS on the same box as CRM - Windows Server 2016.

I have successfully configured the CRM server for claims-based authentication using Deployment Manager and the security token service federation metadata URL.

I've got some issues during the configuration of claims-based authentication for AD FS - the generated identifiers are wrong - there should be only one: the internalcrm URL, as is mentioned in the Microsoft documentation.

Please see the generated list below:

[Image: pastedimage1588345636770v1.png]

Any advice or suggestions are very much appreciated.

Thank you.

  • Suggested answer
    Pedro Cadavez de Freitas

    Hello Loredana,

    Hope you are well.

    It seems you might be hitting the general problem when using ADFS on the same server as CRM.

    Your internalCRM relying party trust is reading the ADFS federation metadata and not CRM's, due to both listening on the same port.

    We don't recommend this because by default there is a conflict, with CRM and ADFS both using https:443 and the CRM sandbox using TCP:808 while ADFS also uses it.


    In case you still want to go ahead, the general recommendation is to move CRM to use another port like 444 and keep ADFS on 443, due to the extra settings ADFS needs in order to change a port correctly (bindings, etc.), and to change the ADFS TCP port to 809.


    Please use these articles:

    https://interactivewebs.com/index.php/crm/how-to-set-up-microsoft-crm-2016-ifd-on-windows-2012-r2-server/

    https://crmtipoftheday.com/668/adfs-and-crm-on-the-same-server/


    If you still have doubts, let us know.

  • Loredana Iacob

    Thank you so much for your help, Pedro.

    Yes, you are right, the federation metadata URLs on 443 seem to be reserved by AD FS. I've followed the provided suggestions and it runs smoothly now.

    I still have a question, please. I am trying to configure IFD to enable the server-based integration between Dynamics 365 On-Premises and SharePoint Online - needed just for the document storage feature. The point is that we would like to keep the CRM in the local network, just for internal access. Can this be possible, please?

    Thanks.

    Kind regards,

    Loredana
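
Added example, not part of the original thread and not Microsoft's code: a PowerShell check for the condition the suggested answer describes, where the relying party trust's metadata URL is answered by AD FS instead of CRM. The function name, host names, sample metadata and the placeholders in angle brackets are assumptions made for illustration.

```powershell
# Added example. Host names and the sample metadata below are constructed.
function Test-FederationMetadataSource {
    param(
        [Parameter(Mandatory)] [string] $MetadataXml,     # body served by the trust's metadata URL
        [Parameter(Mandatory)] [string] $ExpectedCrmUrl,  # the one identifier the trust should carry
        [Parameter(Mandatory)] [string] $AdfsIdentifier   # AD FS federation service identifier
    )
    # Federation metadata has an EntityDescriptor root whose entityID names the publisher.
    $entityId = ([xml]$MetadataXml).DocumentElement.GetAttribute('entityID')
    $id = $entityId.TrimEnd('/')
    if ($id -eq $AdfsIdentifier.TrimEnd('/')) {
        $source = 'ADFS'      # the URL is answered by AD FS, not CRM
    } elseif ($id -eq $ExpectedCrmUrl.TrimEnd('/')) {
        $source = 'CRM'
    } else {
        $source = 'Unknown'
    }
    [pscustomobject]@{ EntityId = $entityId; Source = $source }
}

# Constructed sample: metadata whose entityID is the AD FS service identifier.
$sample = '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ' +
          'entityID="http://sts.example.test/adfs/services/trust" />'
Test-FederationMetadataSource -MetadataXml $sample `
    -ExpectedCrmUrl 'https://internalcrm.example.test/' `
    -AdfsIdentifier 'http://sts.example.test/adfs/services/trust'

# Against a live server (AD FS PowerShell module; names in <> are placeholders):
#   $rp  = Get-AdfsRelyingPartyTrust -Name '<CRM internal trust name>'
#   $rp.Identifier                                    # identifiers the trust carries now
#   $xml = (New-Object System.Net.WebClient).DownloadString($rp.MetadataUrl)
#   Test-FederationMetadataSource -MetadataXml $xml `
#       -ExpectedCrmUrl '<internal CRM URL>' `
#       -AdfsIdentifier ([string](Get-AdfsProperties).Identifier)
#   Get-AdfsProperties | Select-Object HttpsPort, NetTcpPort     # ports AD FS holds
#   netsh http show urlacl | Select-String 'FederationMetadata'  # HTTP.sys reservations
# After moving CRM off 443 as the answer suggests, change the AD FS net.tcp port
# and refresh the trust from CRM's metadata:
#   Set-AdfsProperties -NetTcpPort 809
#   Restart-Service adfssrv
#   Update-AdfsRelyingPartyTrust -TargetName '<CRM internal trust name>'
```

A result of `ADFS` means the trust was built from the wrong metadata, so its identifiers should be re-checked after the port change and trust update.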
