none
Problem in authentication with : https://login.microsoftonline.com/extSTS.srf

    Question

  • Existing systems are based on Live Id authentication and working fine. Recently new Office 365 is introduced. The issue is related to authentication with Office 365.

    We take binary token from authorization response and use this token for communication with CRM using SOAP.

    Following is the content of login request to MS online login servers,

    ===============================================================================================

    POST request to https://login.microsoftonline.com/extSTS.srf

    ===============================================================================================

    <s:Envelope xmlns:s='http://www.w3.org/2003/05/soap-envelope'

                    xmlns:a='http://www.w3.org/2005/08/addressing'

                    xmlns:u='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>

                    <s:Header>

                                    <a:Action s:mustUnderstand='1'>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>

                                    <a:ReplyTo>

                                                    <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>

                                    </a:ReplyTo>

                                    <a:To s:mustUnderstand='1'>https://login.microsoftonline.com/extSTS.srf</a:To>

                                    <o:Security s:mustUnderstand='1'

                                                    xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>

                                                    <o:UsernameToken>

                                                                    <o:Username><![CDATA[HIDDEN@HIDDEN.onmicrosoft.com]]></o:Username>

                                                                    <o:Password><![CDATA[1qaz@WSX]]></o:Password>

                                                    </o:UsernameToken>

                                    </o:Security>

                    </s:Header>

                    <s:Body>

                                    <t:RequestSecurityToken xmlns:t='http://schemas.xmlsoap.org/ws/2005/02/trust'>

                                                    <wsp:AppliesTo xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>

                                                                    <a:EndpointReference>

                                                                                    <a:Address><![CDATA[HIDDEN.onmicrosoft.com]]></a:Address>

                                                                    </a:EndpointReference>

                                                    </wsp:AppliesTo>

                                                    <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>

                                                    <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>

                                                    <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>

                                    </t:RequestSecurityToken>

                    </s:Body>

    </s:Envelope>

    ===============================================================================================

    Response from https://login.microsoftonline.com/extSTS.srf

    ===============================================================================================

    <?xml version="1.0" encoding="utf-8" ?>

    <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"

                    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

                    xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"

                    xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">

                    <S:Body>

                                    <S:Fault>

                                                    <S:Code>

                                                                    <S:Value>S:Sender</S:Value>

                                                                    <S:Subcode>

                                                                                    <S:Value>wst:InvalidRequest</S:Value>

                                                                    </S:Subcode>

                                                    </S:Code>

                                                    <S:Reason>

                                                                    <S:Text xml:lang="en-US">Invalid Request</S:Text>

                                                    </S:Reason>

                                                    <S:Detail>

                                                                    <psf:error>

                                                                                    <psf:value>0x8004882a</psf:value>

                                                                                    <psf:internalerror>

                                                                                                    <psf:code>0x80045b02</psf:code>

                                                                                                    <psf:text>The partner DNS used in the login request cannot be

                                                                                                                    found.&#x000D;&#x000A;</psf:text>

                                                                                    </psf:internalerror>

                                                                    </psf:error>

                                                    </S:Detail>

                                    </S:Fault>

                    </S:Body>

    </S:Envelope>

    The problem is complain about partner DNS not found. Tried with several trial dynamic CRM accounts but none worked. Can you guys help me in identifying the reason of this error and possible action.

    Friday, July 27, 2012 2:53 PM

All replies

  • A simple help to understand the meaning of error:

          <psf:code>0x80045b02</psf:code>

          <psf:text>The partner DNS used in the login request cannot be found.&#x000D;&#x000A;</psf:text>

    I am in urgent need of help. Please reply.

    Monday, July 30, 2012 9:06 AM
  • A simple help to understand the meaning of error:

          <psf:code>0x80045b02</psf:code>

          <psf:text>The partner DNS used in the login request cannot be found.&#x000D;&#x000A;</psf:text>

    I am in urgent need of help. Please reply.

    I have the same problem
    Saturday, August 04, 2012 8:13 AM
  • Can you try posting the SOAP request to https://login.microsoftonline.com/RST2.srf

    Mihir

    Thursday, August 16, 2012 7:47 AM
  • Thanks for your reply Mihir. I tried with your URL. Reply was same. Anything else, your would like to suggest?
    Tuesday, August 28, 2012 3:25 AM
  • <a:EndpointReference>

             <a:Address><![CDATA[HIDDEN.onmicrosoft.com]]></a:Address>

    </a:EndpointReference>

    Got the same error. I have tried to use 'portal.microsoftonline.com' as partner

    instead of '<myorg>.onmicrosoft.com'. This got me further.

    Monday, October 08, 2012 12:18 PM
  • I am able to integrate XRM 2011 in Java... if any one still stuck email me at amtdxt@yahoo.com
    Friday, October 12, 2012 11:45 AM
  • Try use:

    <a:Address>urn:crmapac:dynamics.com</a:Address>

    Thursday, August 29, 2013 7:15 PM