Internal CRM does not auto authenticate with claims after IFD is enabled

  • Question

  • When I enabled IFD on my CRM deployment it stopped my internal CRM users from being authenticated automatically.

    If I disable the IFD it goes back to authenticating automatically. My internal and external URLs are different.

    Internal:

    crm.contoso.com

    External:

    org1.contoso.com

    Any ideas what is going on?

    Monday, May 16, 2011 6:08 PM

All replies

  • I have been informed that when you enable your IFD internally and externally you will be required to sign into CRM through ADFS.

    Has anyone experienced something different or been able to get around this to auto authenticate on the inside?

    Friday, May 20, 2011 4:07 AM
  • I'm not 100% sure I understand what you're asking, but I'll explain what should happen as I understand it.

    After you enable Claims-based authentication AND IFD...

    Internal

    1. User hits your internal URL, e.g. https://crminternal.contoso.com
    2. User is automatically redirected to the ADFS server, e.g. https://adfs.contoso.com
    3. ADFS server authenticates user automatically via AD
    4. User receives ticket from ADFS
    5. User is redirected back to CRM and authenticates using ADFS ticket

    External

    1. User hits your external URL, e.g. https://org.contoso.com
    2. User is automatically redirected to the ADFS server, e.g. https://adfs.contoso.com
    3. ADFS server authenticates user using Login Form
    4. User receives ticket from ADFS
    5. User is redirected back to CRM and authenticates using ADFS ticket

    If your users are not being automatically authenticated by ADFS via AD, add the ADFS server to your trusted sites and set your trusted sites to 'Logon automatically using Domain username and password' or whatever that setting in IE is called.

    If you are not being automatically redirected from CRM to ADFS, something is wrong with your Claims configuration.


    --pogo (pat) @ pogo69.wordpress.com
    Monday, May 23, 2011 5:28 AM
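
The two checks at the end of the reply above can be run against a captured browser trace of the sign-in. This is an added example, not code from the thread or from Microsoft: the trace format, the result labels and the `/adfs/ls/` path in the constructed samples are assumptions, and it assumes the automatic AD authentication in step 3 appears as an HTTP 401 Negotiate/NTLM challenge.

```python
from urllib.parse import urlsplit

def _host(url):
    return (urlsplit(url).hostname or "").lower()

def _header(entry, name):
    # HTTP header names are case-insensitive.
    return next((v for k, v in entry["headers"].items() if k.lower() == name), "")

def diagnose(trace, crm_host, adfs_host):
    """Classify a sign-in trace: a list of {"url", "status", "headers"} dicts in
    request order, recorded until CRM loads or the user is first prompted."""
    sent_to_adfs = any(
        _host(e["url"]) == crm_host and 300 <= e["status"] < 400
        and _host(_header(e, "location")) == adfs_host
        for e in trace)
    if not sent_to_adfs:
        return "no-redirect-to-adfs"         # reply: look at the Claims configuration
    adfs = [e for e in trace if _host(e["url"]) == adfs_host]
    if not adfs:
        return "adfs-not-reached"
    last = trace[-1]
    if _host(last["url"]) == crm_host:
        return "silent-sign-in"              # ticket issued and accepted, no prompt
    scheme = _header(last, "www-authenticate").lower()
    if last["status"] == 401 and ("negotiate" in scheme or "ntlm" in scheme):
        return "integrated-auth-unanswered"  # reply: browser zone / automatic logon
    if last["status"] == 200:
        return "adfs-login-form"             # expected for external users
    return "unclassified"

# Constructed traces; hostnames follow the reply, /adfs/ls/ is an assumed path.
CRM, ADFS = "https://crminternal.contoso.com/", "https://adfs.contoso.com/adfs/ls/"
REDIRECT = {"url": CRM, "status": 302, "headers": {"Location": ADFS}}
CHALLENGE = {"url": ADFS, "status": 401, "headers": {"WWW-Authenticate": "Negotiate"}}
ADFS_200 = {"url": ADFS, "status": 200, "headers": {}}  # login form or ticket post-back
CRM_LOADED = {"url": CRM, "status": 200, "headers": {}}

if __name__ == "__main__":
    hosts = ("crminternal.contoso.com", "adfs.contoso.com")
    for name, trace in [
        ("working", [REDIRECT, CHALLENGE, ADFS_200, CRM_LOADED]),
        ("prompted", [REDIRECT, CHALLENGE]),
        ("form", [REDIRECT, ADFS_200]),
        ("no redirect", [CRM_LOADED]),
    ]:
        print(name, "->", diagnose(trace, *hosts))
```
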
  • Hi,

    Have you created two relying parties on your ADFS machine (one for internal claims and one for external claims, aka IFD)?

    Are you able to access the internal URL (https://crminternal.contoso.com) like pogo69 stated in his post?

    Thanks,
    Michael

    Tuesday, June 7, 2011 3:39 AM