Internal CRM does not auto authenticate with claims after IFD is enabled

All replies

• 

  

  0

  Sign in to vote

  I have been informed that when you enable your IFD internally and externally you will be required to sign into crm though ADFS.

  Has anyone experianced something differnt or been able to get around this to auto authenticate on the inside?

  Friday, May 20, 2011 4:07 AM
• 

  

  2

  Sign in to vote

  I'm not 100% sure I understand what you're asking, but I'll explain what should happen as I understand it.

  After you enable Claims-based authentication AND IFD...

  Internal

  1. User hits your internal URL eg. https://crminternal.contoso.com
  2. User is automatically redirected to the ADFS server eg. https://adfs.contoso.com
  3. ADFS server authenticates user automatically via AD
  4. User receives ticket from ADFS
  5. User is redirected back to CRM and authenticates using ADFS ticket

  External

  1. User hits your external URL eg. https://org.contoso.com
  2. User is automatically redirected to the ADFS server eg. https://adfs.contoso.com
  3. ADFS server authenticates user using Login Form
  4. User receives ticket from ADFS
  5. User is redirected back to CRM and authenticates using ADFS ticket

  If your users are not being automatically authenticated by ADFS via AD, add the ADFS server to your trusted sites and set your trusted sites to 'Logon automatically using Domain username and password' or whatever that setting in IE is called.

  If you are not being automatically redirected from CRM to ADFS, something is wrong with your Claims configuration.

  ---

  --pogo (pat) @ pogo69.wordpress.com

  Monday, May 23, 2011 5:28 AM
• 

  

  1

  Sign in to vote

  Hi,

  Have you created two relying parties on your ADFS machine? (one for internal claims and one for external claims aka IFD)?

  Are you able to access the internal URL (https://crminternal.contoso.com) like pogo69 stated in his post?

  Thanks,
  Michael

   

  Tuesday, June 7, 2011 3:39 AM