CRM 2015 with ADFS on Server 2012 for internal and external users - single sign on and page not found

  • Question

  • Hi,

     I'm configuring ADFS with CRM 2015 for claims based authentication, following this blog post:

    http://www.interactivewebs.com/blog/index.php/crm/how-to-set-up-crm-2015-ifd-on-windows-2012-and-adfs-3-0/

    My setup is slightly different as I have:

    - CRM web server (CRM configured to run from port 444)
    - SQL Server
    - 2 x ADFS servers load balanced with NLB and WID

    I've followed the blog post, used a wildcard public SSL cert and configured the SPN to use a service account (rather than server name as the blog mentions).

    I have 2 issues:

    1. When internal users browse to https://internalcrm.contoso.com:444/ they're prompted for a username and password before getting Dynamics access. How can I configure this for SSO?

    2. When I try to access the "external" URL (which points back at my same CRM server), https://authcrm.contoso.com:444/
    I get a 404 Page cannot be found after the user is authenticated. 

    There are no errors in the event logs. *.contoso.com is in the trusted sites section of the IE.

    Thanks in advance

    Tuesday, October 20, 2015 6:30 PM

Answers

    1. For automatic login, add the ADFS and CRM domains to the Local Intranet Zone, and set the option 'Automatic Login only in Local Intranet Zone'
    2. Can you identify what URL the users are redirected to after authentication? For external access, this would normally be <orgname>.contoso.com:444

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Marked as answer by EuroTechie2013 Wednesday, October 21, 2015 9:02 AM
    Tuesday, October 20, 2015 8:49 PM
    Moderator
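
One way to check and apply the two settings from the answer above on a client, as an added example that is not part of the original thread. It uses the per-user Internet Explorer zone registry keys; `adfs.contoso.com` is an assumed name for the ADFS farm, which the thread does not give, and a Group Policy "Site to Zone Assignment List" takes precedence over these keys if one is configured.

```powershell
# Added example: audit (and with -Fix, set) the zone mapping and logon policy
# that Integrated Windows Authentication relies on for silent sign-on.
param([switch]$Fix)

$hosts = @(
    @{ Domain = 'contoso.com'; Sub = 'internalcrm' },  # CRM URL from the question
    @{ Domain = 'contoso.com'; Sub = 'adfs' }          # assumed ADFS farm name
)
$base  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zones = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
            3 = 'Internet';    4 = 'Restricted Sites' }

foreach ($h in $hosts) {
    # The zone map is keyed by domain\subdomain; the port (444) plays no part.
    $key  = "$base\ZoneMap\Domains\$($h.Domain)\$($h.Sub)"
    $zone = (Get-ItemProperty -Path $key -Name https -ErrorAction SilentlyContinue).https
    if ($null -eq $zone) { $label = 'not mapped' } else { $label = $zones[[int]$zone] }
    '{0}.{1} (https): {2}' -f $h.Sub, $h.Domain, $label

    if ($Fix -and $zone -ne 1) {
        # Create the key only if missing, so existing values are not discarded.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name https -Value 1 -Type DWord
        '  -> mapped to Local Intranet'
    }
}

# Logon policy for zone 1 (Local Intranet) is stored in value 1A00:
# 0x00000 automatic logon, 0x10000 prompt, 0x20000 automatic logon only in
# the Intranet zone, 0x30000 anonymous logon.
$zoneKey = "$base\Zones\1"
$logon   = (Get-ItemProperty -Path $zoneKey -Name 1A00 -ErrorAction SilentlyContinue).'1A00'
if ($null -eq $logon) {
    'Intranet zone logon policy (1A00): not set for this user'
} else {
    'Intranet zone logon policy (1A00): 0x{0:X5}' -f $logon
}

if ($Fix -and $logon -ne 0x20000) {
    Set-ItemProperty -Path $zoneKey -Name 1A00 -Value 0x20000 -Type DWord
    '  -> set to automatic logon only in the Intranet zone'
}
```

Mapping the two individual host names rather than `*.contoso.com` keeps automatic credential submission limited to the ADFS and CRM endpoints.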

All replies

  • Thanks David,

     your post was helpful, step 1 fixed the issue.

    Step was down to an incorrect URL - the external access for dynamics CRM should be:

    <orgname>.contoso.com:444 as you've mentioned. In my case I had an A record for authcrm pointing at the IP of my CRM server. If I used the actual CRM organisation name (and created an A record) as below

    https://devcrm.contoso.com:444/

    The external login works fine :-)


    • Marked as answer by EuroTechie2013 Wednesday, October 21, 2015 9:02 AM
    • Unmarked as answer by EuroTechie2013 Wednesday, October 21, 2015 9:02 AM
    Wednesday, October 21, 2015 8:50 AM