locked
Sign out link not signing out RRS feed

  • Question

  • We are running Dynamics CRM 2013 with claims based authentication and we have an issue where the users are not properly logged out.

    Steps to reproduce

    1. Log on to CRM
    2. Click Sign Out link -> This will take the user to the ADFS sign out page
    3. Navigate back to CRM -> This will log the user automatically

    Is this the default behaviour or is ADFS misconfigured?

    I think we've upped the Token lifetime, in ADFS, to 12 hours, but without this it would log the users out completely, so ...

    If on step 3, they close the browser, then they will get to select adfs provider, etc..

    Any ideas?

    Thanks


    Tuesday, March 24, 2015 5:55 PM

Answers

  • It seems that this behaviour is by design

    From this (https://technet.microsoft.com/en-us/library/gg188586%28v=crm.6%29.aspx)

    The lifetime of a default security token for a claims-based authentication deployment using AD FS 2.0 is 60 minutes. By default, Microsoft Dynamics CRM Server 2011 is configured to display the Authentication is Required dialog box 20 minutes before the token expires.

    In the Authentication is Required dialog box, if you click Cancel, the token expires as indicated. When the security token expires, you will need to start a new browser session to Microsoft Dynamics CRM to access your data. Any unsaved changes will be lost.

    In the Authentication is Required dialog box, if you click Sign In, the Sign-Out page appears. When you close the Sign-Out page, one of the following occurs:

    • If you have not deployed an Internet-facing deployment (IFD), you will automatically re-authenticate with domain credentials and a new security token will be issued.
    • If you have an IFD deployment, you will be required to re-authenticate by entering your credentials on the login page.

    Wednesday, April 1, 2015 7:47 AM