locked
Can'g get Claims Based Authentication working RRS feed

  • Question

  • I am trying to get CRM working with Claims Based Authentication so that I can put it in IFD mode.  It appears that my problem is with the AD FS 2.0 installation.  I backed out of IFD and Claims Based Authentication and have focused on getting a clean AD FS 2.0 installation.

    I have installed (and re-installed several times) AD FS 2.0. The installation proceeds without error and everthing appers to be OK except that I cannot browse to FederationMetadata.xml. I have gone through the "Things to Check Before Troubleshooting AD FS 2.0 and everthing checks out OK except verification that AD FS 2.0 metadata endpoints are accessible.

    When I browse to https://hostname/adfs/services/trust/mex I get a dump of xml on the page as expected.

    When I browse to https://hostname/FederationMetadata/2007-06/FederationMetadata.xml I get a blank page. The SSL certificate for that page is OK and there are no errors but if I understand things correctly I should get a dump of xml on the page. I have searched the local drive for FederationMetadata.xml and I cannot find that file anywhere.

    Any suggestions on how to troubleshoot this problem would be greatly appreciated.

     

    Matt

    Thursday, August 11, 2011 10:27 PM

Answers

  • After you installed AD FS 2.0 did you open up the management console and run the initial configuration?

     

    • Marked as answer by Jim Glass Jr Friday, August 12, 2011 6:30 PM
    Friday, August 12, 2011 1:28 PM
    Moderator

All replies

  • After you installed AD FS 2.0 did you open up the management console and run the initial configuration?

     

    • Marked as answer by Jim Glass Jr Friday, August 12, 2011 6:30 PM
    Friday, August 12, 2011 1:28 PM
    Moderator
  • OK, AD FS was working all along and browsing to https://hostname/FederationMetadata/2007-06/FederationMetadata.xml returned the xml as it was supposed to. The problem was that IE was not displaying it. On one PC I simply changed to compatibility mode and it displayed correctly. On another PC I had to delete all history and then switch to compatibility mode.

     

    Matt

    Friday, August 12, 2011 4:03 PM