locked
Customer Portal - Error when clicking Sign in on Customer Portal hosted on Azure RRS feed

  • Question

  • An error occurred while processing your request.

     


    HTTP Error Code:

     403

     

    Message:

     ACS50000: There was an error issuing a token.

     

    Inner Message:

     ACS60000: An error occurred while processing rules for relying party 'http://########.cloudapp.net/' using the service identity or identity provider named 'uri:WindowsLiveID'.

     

    Inner Message:

     ACS60001: No output claims were generated during rules processing.

     

    Trace ID:

     af6278cc-59d0-42ff-bb3b-3520ef0f4424

     

    Timestamp:

     2012-05-02 06:56:14Z

    Wednesday, May 2, 2012 6:58 AM

Answers

  • Hi

    The documentation is missing the extra step of setting up a rule inside the rule group itself.  That seems to have solved the issue.

    Thanks

    • Marked as answer by bzalloua Tuesday, May 8, 2012 10:49 PM
    Tuesday, May 8, 2012 10:48 PM

All replies

  • It's likely you don't have rules setup in ACS and/or other issues with ACS setup

    Please use this document to configure ACS properly for use with portals (http://bit.ly/xsiVuB)

    Thanks!

    Friday, May 4, 2012 11:20 PM
  • Hi

    The documentation is missing the extra step of setting up a rule inside the rule group itself.  That seems to have solved the issue.

    Thanks

    • Marked as answer by bzalloua Tuesday, May 8, 2012 10:49 PM
    Tuesday, May 8, 2012 10:48 PM
  • I'll make sure that is present in latest document - thank you!
    Thursday, May 10, 2012 2:57 AM
  • I have the latest documentation (thank you for doing the update :) ) with the ACS steps.

    "Portal Configuration Guide - Windows Azure ACS Authentication.doc"
    I get the following error message when i try to sign in with windows live id
    HTTP Error Code:  400
    Message:  ACS20001: An error occurred while processing a WS-Federation sign-in response.
    Trace ID:  ee793693-49f7-40aa-a963-fb61b3c068d4
    Timestamp:  2012-05-15 19:56:41Z

    I think this relates to how I have configured the rule groups\claims rule.

    I have added google, windows live id and yahoo as identity providers
     configured the Relying Party Applications

    I have then added a rule group however I have no idea how to configure this. I have CRM 2011 online and I want to use windows live id.

    here is how I have it currently configured the claims rule:

    Field 1: Enter a name for the rule group:==> nice and easy just a display name

    I then add a rule.

    filed 2: Identity provider: Windows Live Id |  any   | select type
     the select type option has a dropbox with 1 item http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier.) currently i have this selected
    Enter Type (this is an empty text box)

    Input claim value section
    Any (currently selected)
    Enter value (another empty text box)

    Output claim type ==> Pass through first input claim type  (currently selected, although this is probably wrong ?)
    Select type (with a drop down box full of values like this
      http://docs.oasisopen.org/wsfed/authorization/200706/claims/action
     http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant
     http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod
     http://schemas.microsoft.com/ws/2008/06/identity/claims/cookiepath
     http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid
      etc etc etc
    or the third option is Enter type again an empty text box

    no idea what to choose here, i guess the logic is when you have authenticated the user what token should you pass through to the CRM online application ?  i.e. input claim then output claim ???

    The next section is the output claim value
    option 1: Pass through first input claim value  (currently selected)
    option 2: Enter value, an empty text box

    I couldnt see anything in the documentation stating how to set this up.
    I am trying to use CRM online with the portal hosted in windows azure as described in the "Customer Portal Deployment Guide_Azure_V2.0.docx" document.

    any pointers would be really appreaciated

    Regards
    Derek


    • Edited by DerekEwing Tuesday, May 15, 2012 8:28 PM
    Tuesday, May 15, 2012 3:19 PM