Monday, April 16, 2012 16:43
I have set up the following:
CRM (Hosted Domain)
ADFS (Hosted Domain)
ADFS (Client Domain)
Client PC (Client Domain)
For ease, the hosted domain is a subdomain of the client. Only in DNS, no domain trusts etc.
I have followed the ADFS guide; the only change I had to make was changing Name to * Name in a rule.
Because I have more than one ADFS, I can see the home realm drop-down when I hit CRM the first time (I can code around this... so happy).
All works fine from IE.
But when I connect with Outlook I get the following error.
Note, I have set up the home realm setting in the registry.
>Kerberos Auth failed: System.NotSupportedException: The authentication endpoint AsymmetricToken was not found on the configured Secure Token Service!
Others have talked about using an alias and not setting the home realm, but I suspect that solution worked because it 'broke' ADFS and it fell back to non-ADFS.
When I fiddle I see (I turn off extended protection in IIS to allow fiddling):
3 200 HTTPS dsladfs.testdomain.local /adfs/services/trust/mex
4 200 HTTP Tunnel to crm.hosted.testdomain.local:444
5 200 HTTPS crm.hosted.testdomain.local:444 /tesdt/XRMServices/2011/Discovery.svc?wsdl
6 200 HTTPS crm.hosted.testdomain.local:444 /test/XRMServices/2011/Discovery.svc?wsdl=wsdl1
7 200 HTTPS crm.hosted.testdomain.local:444 /test/XRMServices/2011/Discovery.svc?wsdl=wsdl0
8 302 HTTPS crm.hosted.testdomain.local:444 /adfs/services/trust/mex
9 200 HTTP Tunnel to crm.hosted.testdomain.local:443
10 200 HTTPS crm.hosted.testdomain.local /adfs/ls/?.....
11 302 HTTPS crm.hosted.testdomain.local:444 /adfs/services…
12 200 HTTPS crm.hosted.testdomain.local /adfs/ls/?.....
13 302 HTTPS crm.hosted.testdomain.local:444 /adfs/services/trust/mex
14 200 HTTPS crm.hosted.testdomain.local /adfs/ls/?.....
15 200 HTTP Tunnel to
16 200 HTTPS clientadfs.testdomain.local /adfs/services/trust/mex
17 200 HTTPS clientadfs.testdomain.local /adfs/services/trust/mex?xsd=xsd2
18 200 HTTPS clientadfs.testdomain.local /adfs/services/trust/mex?xsd=xsd1
19 200 HTTPS clientadfs.testdomain.local /adfs/services/trust/mex?xsd=xsd0
20 200 HTTP clientadfs.testdomain.local /adfs/services/trust/13/username
Note, all 200; the response for the last one looks fine. I have checked that I have the endpoint /adfs/services/trust/13/username on and allowing proxy.
- Edited by Steve.Drake Monday, April 16, 2012 16:44
Tuesday, April 17, 2012 23:16
Wednesday, April 18, 2012 17:45
Thanks for that, but it did not help :(
But... I have got it working.
To make things easier in my test lab I had my hosted domain as a subdomain (in DNS terms) of our main domain.
I rebuilt it not as a subdomain and now it works fine.
Also, if you use Fiddler to monitor communication to the kerb endpoint then, due to WCF using extended protection, it does not work.
In my setup I have two ADFS servers, so I need to support a home realm. I have also proved that connection from C# code works.