Error when sign in customer portal hosted by azure using Live ID

Question
I get the following error when I try to log in to my Azure-hosted customer portal. Are we supposed to generate a rule under the rule groups in the Azure Access Control section, as this was not a documented step? Can anyone help with this, please?
Server Error in '/' Application.

The X.509 certificate CN=zaloutions.accesscontrol.windows.net is not in the trusted people store. The X.509 certificate CN=zaloutions.accesscontrol.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate CN=zaloutions.accesscontrol.windows.net is not in the trusted people store. The X.509 certificate CN=zaloutions.accesscontrol.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:
[SecurityTokenValidationException: The X.509 certificate CN=zaloutions.accesscontrol.windows.net is not in the trusted people store. The X.509 certificate CN=zaloutions.accesscontrol.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.]
   System.IdentityModel.Selectors.PeerOrChainTrustValidator.Validate(X509Certificate2 certificate) +958412
   Microsoft.IdentityModel.X509CertificateValidatorEx.Validate(X509Certificate2 certificate) +275
   Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateToken(SecurityToken token) +472
   Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token) +117
   Microsoft.Xrm.Portal.IdentityModel.Web.Modules.WSFederationAuthenticationModuleExtensions.GetClaimsPrincipal(WSFederationAuthenticationModule fam, HttpContext context) +218
   Microsoft.Xrm.Portal.IdentityModel.Web.Modules.WSFederationAuthenticationModuleExtensions.GetSessionSecurityToken(WSFederationAuthenticationModule fam, HttpContext context, String& identityProvider, String& userName, String& email, String& displayName, String emailClaimType, String displayNameClaimType, String identityProviderClaimType) +150
   Microsoft.Xrm.Portal.IdentityModel.Web.Handlers.FederationAuthenticationHandler.GetSessionSecurityToken(HttpContext context, WSFederationAuthenticationModule fam, IDictionary`2 signInContext, String& identityProvider, String& userName, String& email, String& displayName) +288
   Microsoft.Xrm.Portal.IdentityModel.Web.Handlers.FederationAuthenticationHandler.TryHandleSignInResponse(HttpContext context, WSFederationAuthenticationModule fam, IDictionary`2 signInContext) +199
   Microsoft.Xrm.Portal.IdentityModel.Web.Handlers.FederationAuthenticationHandler.TryHandleSignInResponse(HttpContext context, WSFederationAuthenticationModule fam) +120
   Microsoft.Xrm.Portal.IdentityModel.Web.Handlers.FederationAuthenticationHandler.ProcessRequest(HttpContext context) +530

[FederationAuthenticationException: Federated sign-in error.]
   Microsoft.Xrm.Portal.IdentityModel.Web.Handlers.FederationAuthenticationHandler.ProcessRequest(HttpContext context) +1204
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +625
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272

Thursday, May 3, 2012 12:07 AM
Answers
Hi Sergey,
Yes, but there is another step after the step you mentioned. Once a new rule group is created, you actually need to go into that new rule group and add a new rule (as opposed to a rule group) inside that rule group.
I also forgot to add the last line in the web.config, which resolved the issue:
<certificateValidation certificateValidationMode="None"/>
Overall the portal works well in Azure (just a bit slow). The only problem is waiting for CRM 2011 Online to be upgraded to Rollup 7 so I can import the Customer Portal version 1.0.0013 from the marketplace, as this solution does not import successfully at the moment.
- Marked as answer by bzalloua Monday, May 7, 2012 6:16 AM
Monday, May 7, 2012 6:09 AM
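
The setting quoted in the answer switches off the check of the issuer's signing certificate, while the error text itself names the alternative of placing that certificate in the Trusted People store. As an added example (not part of the thread or of the portal's code), this Python check flags a web.config that disables certificate validation or pins no issuer thumbprint. Both config fragments are constructed, the thumbprint and issuer name are placeholders, and the `issuerNameRegistry` layout and the `PeerTrust` alternative are assumptions about the deployment.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragments, not copied from the thread. The thumbprint
# and issuer name are placeholders; the issuerNameRegistry layout is assumed.
AS_POSTED = """<configuration><microsoft.identityModel><service>
  <certificateValidation certificateValidationMode="None"/>
</service></microsoft.identityModel></configuration>"""

PINNED = """<configuration><microsoft.identityModel><service>
  <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel">
    <trustedIssuers>
      <add thumbprint="0000000000000000000000000000000000000000"
           name="acs-issuer-placeholder"/>
    </trustedIssuers>
  </issuerNameRegistry>
  <certificateValidation certificateValidationMode="PeerTrust"/>
</service></microsoft.identityModel></configuration>"""


def audit(web_config_xml):
    """Return findings for each <microsoft.identityModel>/<service> section."""
    findings = []
    root = ET.fromstring(web_config_xml)
    for section in root.iter("microsoft.identityModel"):
        for service in section.iter("service"):
            node = next(service.iter("certificateValidation"), None)
            mode = node.get("certificateValidationMode") if node is not None else None
            thumbprints = [
                add.get("thumbprint", "").strip()
                for issuers in service.iter("trustedIssuers")
                for add in issuers.iter("add")
            ]
            if mode == "None":
                # Chain and peer-trust checks on the token signing cert are off.
                findings.append("certificate-validation-disabled")
            if not any(thumbprints):
                # Nothing in config names which signing certificate is expected.
                findings.append("no-pinned-issuer-thumbprint")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("as posted", AS_POSTED), ("pinned", PINNED)):
        print(label, audit(xml_text) or "ok")
```
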
All replies
You do have to generate a new rule; the documentation has this section:
If this is the first relying party application, check the box to Create new rule group which creates a default rule group when saved. Subsequent relying party applications may share this default rule group rather than creating a new one.
Let us know if you get documentation from some other location and it's missing instructions.
Saturday, May 5, 2012 12:36 AM
Thanks, we'll make sure the latest documentation gets updated with the next release.
Saturday, May 12, 2012 1:33 AM