Customer Portal - Error when clicking Sign in on Customer Portal hosted on Azure
-
Wednesday, May 02, 2012 6:58 AM
An error occurred while processing your request.
HTTP Error Code:403
Message:
ACS50000: There was an error issuing a token.
Inner Message:
ACS60000: An error occurred while processing rules for relying party 'http://########.cloudapp.net/' using the service identity or identity provider named 'uri:WindowsLiveID'.
Inner Message:
ACS60001: No output claims were generated during rules processing.
Trace ID:
af6278cc-59d0-42ff-bb3b-3520ef0f4424
Timestamp:
2012-05-02 06:56:14Z
All Replies
-
Friday, May 04, 2012 11:20 PM
It's likely you don't have rules set up in ACS and/or other issues with ACS setup.
Please use this document to configure ACS properly for use with portals (http://bit.ly/xsiVuB).
Thanks!
-
Tuesday, May 08, 2012 10:48 PM
Hi
The documentation is missing the extra step of setting up a rule inside the rule group itself. That seems to have solved the issue.
Thanks
- Marked As Answer by bzalloua Tuesday, May 08, 2012 10:49 PM
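The failure this answer resolves, shown as a simplified model of rule-group evaluation. This is an added example, not code from ACS or from the portal documentation; the `Rule` class, `run_rule_group` function and the sample claim value are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Claim type the thread lists in the "select type" drop-down for Windows Live ID.
NAMEID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
LIVE_ID = "uri:WindowsLiveID"  # identity provider name from the error message


@dataclass(frozen=True)
class Rule:
    """One claim rule; None models the portal's 'Any' / 'Pass through' options."""
    issuer: str
    in_type: Optional[str] = None    # None = any input claim type
    in_value: Optional[str] = None   # None = any input claim value
    out_type: Optional[str] = None   # None = pass through input claim type
    out_value: Optional[str] = None  # None = pass through input claim value

    def matches(self, issuer: str, ctype: str, value: str) -> bool:
        return (issuer == self.issuer
                and self.in_type in (None, ctype)
                and self.in_value in (None, value))


class NoOutputClaims(Exception):
    """Models ACS60001."""


def run_rule_group(rules, input_claims):
    """Apply every rule to every input claim; fail closed if nothing is emitted."""
    out = []
    for issuer, ctype, value in input_claims:
        for rule in rules:
            if rule.matches(issuer, ctype, value):
                out.append((rule.out_type or ctype, rule.out_value or value))
    if not out:
        raise NoOutputClaims(
            "ACS60001: No output claims were generated during rules processing.")
    return out


# Constructed sample input: one nameidentifier claim from the Live ID provider.
SAMPLE = [(LIVE_ID, NAMEID, "constructed-live-id-0001")]

if __name__ == "__main__":
    print(run_rule_group([Rule(issuer=LIVE_ID)], SAMPLE))  # pass-through rule
    try:
        run_rule_group([], SAMPLE)  # rule group that exists but holds no rules
    except NoOutputClaims as err:
        print(err)
```

A rule scoped to a different identity provider fails the same way as an empty group, because nothing matches the incoming Live ID claim.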
-
Thursday, May 10, 2012 2:57 AM
I'll make sure that is present in latest document - thank you!
-
Tuesday, May 15, 2012 3:19 PM
I have the latest documentation (thank you for doing the update :) ) with the ACS steps.
"Portal Configuration Guide - Windows Azure ACS Authentication.doc"
I get the following error message when I try to sign in with Windows Live ID:
HTTP Error Code: 400
Message: ACS20001: An error occurred while processing a WS-Federation sign-in response.
Trace ID: ee793693-49f7-40aa-a963-fb61b3c068d4
Timestamp: 2012-05-15 19:56:41Z
I think this relates to how I have configured the rule groups\claims rule.
I have added Google, Windows Live ID and Yahoo as identity providers
configured the Relying Party Applications
I have then added a rule group; however, I have no idea how to configure this. I have CRM 2011 online and I want to use Windows Live ID.
Here is how I currently have the claims rule configured:
Field 1: Enter a name for the rule group: ==> nice and easy, just a display name
I then add a rule.
Field 2: Identity provider: Windows Live Id | any | select type
The select type option has a drop-down box with 1 item (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier); currently I have this selected
Enter Type (this is an empty text box)
Input claim value section
Any (currently selected)
Enter value (another empty text box)
Output claim type ==> Pass through first input claim type (currently selected, although this is probably wrong?)
Select type (with a drop-down box full of values like this):
http://docs.oasisopen.org/wsfed/authorization/200706/claims/action
http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant
http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod
http://schemas.microsoft.com/ws/2008/06/identity/claims/cookiepath
http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid
etc etc etc
or the third option is Enter type, again an empty text box
No idea what to choose here. I guess the logic is: when you have authenticated the user, what token should you pass through to the CRM online application? i.e. input claim then output claim???
The next section is the output claim value
option 1: Pass through first input claim value (currently selected)
option 2: Enter value, an empty text box
I couldn't see anything in the documentation stating how to set this up.
I am trying to use CRM online with the portal hosted in Windows Azure as described in the "Customer Portal Deployment Guide_Azure_V2.0.docx" document.
Any pointers would be really appreciated
Regards
Derek
- Edited by DerekEwing Tuesday, May 15, 2012 8:28 PM