web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / CRM 2011 + ADFS 3.0: R...
Microsoft Dynamics CRM (Archived)

CRM 2011 + ADFS 3.0: Requested Authentication Method is not supported on the STS.

(0) ShareShare
ReportReport
Posted on by MichelZ

Hi

I'm trying to get CRM 2011 to work with ADFS 3.0.

We get the following error message:

Exception details:

Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.InvalidAuthenticationTypePolicyException: MSIS7102: Requested Authentication Method is not supported on the STS.

  at Microsoft.IdentityServer.Web.Authentication.GlobalAuthenticationPolicyEvaluator.EvaluatePolicy(IList`1 mappedRequestedAuthMethods, AccessLocation location, ProtocolContext context, HashSet`1 authMethodsInToken, Boolean& validAuthMethodsInToken)

  at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.RetrieveFirstStageAuthenticationDomain(Boolean& validAuthMethodsInToken)

  at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean& isLastStage, AuthenticationStage& currentStage, Boolean& strongAuthRequried)

  at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)

  at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)

  at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Any ideas?

Thanks

Michel

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Matt Jereb Profile Picture
    Matt Jereb 590 on at

    Hi Michel,

    I wrote quick article on our website about this issue: www.celoxgroup.com.au/.../crm-2013-and-adfs-30-requested-authentication-method-not-supported-sts

    community.dynamics.com/.../233831.aspx

    Regards,

    Matt

  • MichelZ Profile Picture
    MichelZ on at

    I have to test this. We are already publishing ADFS through WAP, and it is working with other products using ADFS.

  • Verified answer
    AaronRic Profile Picture
    AaronRic 10,035 on at

    Also, AD FS 3.0 has not been tested for support yet with CRM 2011.

  • axtolf Profile Picture
    axtolf on at

    Hi, same problem here. CRM 2013 + ADFS 3.0 bot on w2012.

    We can't find out a solution. We followed the documentation based on CRM2011 to configure them.

    Anyone found a solution?

  • Community Member Profile Picture
    Community Member on at

    I opened a support case with Microsoft on this issue, and the official response was "Dynamics CRM 2013 does not [yet] support and has not been tested with Windows Server 2012 R2, therefore operation with ADFS 3.0 is not supported." The support technician suggested waiting for a Rollup that may add support for Server 2012 R2.

  • axtolf Profile Picture
    axtolf on at

    Hi, after some checking and re-checking, it works for me.

    Pay attention to one detail. When you put CRM in https, if you are using the default https port, like us, do not specify it. So if your server is for example "server1.contoso.com" , you have to put https://server1.contoso.com and not server1.contoso.com

    After changing with little detail, it works for us.

    After making crm2013 working with ADFS 2.X , we try out adfs again, and it works too. We left ADFS exposed without using reverse proxy. We are still checking about reverse proxy.

    Now we have to understand how to configure it to use APPS for mobile devices.

  • Chris@BAG Profile Picture
    Chris@BAG 20 on at

    Today I tried to migrate our CRM 2013 IFD deployment to ADFS 2.2 (Windows Server 2012R2).

    I got the same error. I solved the issue by adding "Forms Authentication" to the supported Authentication Methods for Intranet under Global Settings in the ADFS Management Shell (located under "Authenication Policies - Primary Authentication".

    Now IFD is working well. But I can't get the Internal URLs working, here I'm getting the IE Credential Prompt.

  • Suggested answer
    Chris@BAG Profile Picture
    Chris@BAG 20 on at

    So, me again...

    I solved the last Issue by Setting the correct spn. So everything is working now.

    TODOs for getting CRM IFD / ADFS 2.2 working:

    1. Setting correct SPN

    2. Adding Forms Authentication to the Intranet Authentication Methods (Global Settings in the ADFS Management Shell ... located under "Authenication Policies - Primary Authentication").

  • Chris@BAG Profile Picture
    Chris@BAG 20 on at

    One More Info: Everybody speeks about ADFS 3.0. Actually there is no ADFS 3.0, Built-In ADFS in Windows 2012R2 is ADFS 2.2

  • Chris Polewiak Profile Picture
    Chris Polewiak 10 on at

    Not True...

    ADFS 3.0 is included as a built in server role in Windows Server 2012 R2

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans