Unable to Login CRM 2011 from ADFS login page of IFD deployment

  • Question

  • Hi All,

    I have successfully set up ADFS, claims-based authentication and IFD for CRM 2011 on Windows Server 2012. When I try to access CRM over the internet using https://orgname.domain.com:8443 (my SSL port), I am redirected to the ADFS login page. But when I enter my credentials, it says "username or password is incorrect".

    After checking the eventvwr logs for ADFS, I found the error below. Can anyone please direct me to what it is and how to get it resolved?

    The Federation Service encountered an error while processing the WS-Trust request. 
    Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue 

    Additional Data 
    Exception details: 
    Microsoft.IdentityServer.Framework.SecurityTokenService.FailedAuthenticationException: MSIS3055: The requested relying party trust 'https://<orgname>.<domain>.com:8443/' is unspecified or unsupported. If a relying party trust was specified, it is possible the user does not have permission to access the relying party trust. ---> Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.ScopeNotFoundPolicyRequestException: MSIS3020: The relying party trust with identifier 'https://<orgname>.<domain>.com:8443/' could not be located.
       --- End of inner exception stack trace ---
       at System.IdentityModel.AsyncResult.End(IAsyncResult result)
       at System.ServiceModel.Security.WSTrustServiceContract.ProcessCoreAsyncResult.End(IAsyncResult ar)
       at System.ServiceModel.Security.WSTrustServiceContract.EndProcessCore(IAsyncResult ar, String requestAction, String responseAction, String trustNamespace)

    Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.ScopeNotFoundPolicyRequestException: MSIS3020: The relying party trust with identifier 'https://<orgname>.<domain>.com:8443/' could not be located.



    Prathmesh If this post answers your question, please click "Mark As Answer" on the post and "Mark as Helpful" http://patelprathmesh.blogspot.com/

    Monday, July 22, 2013 12:58 AM


All replies

  • Hi Prathmesh,

    Do you have https://orgname.domain.com:8443 as a relying party trust in ADFS?


    Regards,
    Damian Sinay

    Tuesday, July 23, 2013 1:47 PM

  • Please find below a screenshot of the relying parties I can see in ADFS.


    Prathmesh If this post answers your question, please click "Mark As Answer" on the post and "Mark as Helpful" http://patelprathmesh.blogspot.com/

    Tuesday, July 23, 2013 10:59 PM
  • Hi Prathmesh,

    Those don't look like the right CRM entry points; they look more like the ADFS entry points.

    Be sure you add your https://orgname.domain.com:8443 as a relying party trust.


    Regards,
    Damian Sinay

    • Marked as answer by Prathmesh P Wednesday, July 24, 2013 1:26 AM
    Tuesday, July 23, 2013 11:05 PM
  • Hi Damian,

    I finally figured out that the federation metadata URL I was pointing at when adding the relying party trust was incorrect. After cross-checking each and every step again from the beginning, I figured out that the metadata URL in the relying party trust was that of the ADFS server, and the federation metadata URL pointing to CRM had a port number in it (everything else the same), which I was missing.

    Thanks a lot for guiding me into the correct direction. :)


    • Edited by Prathmesh P Wednesday, July 24, 2013 1:31 AM Added Detail
    Wednesday, July 24, 2013 1:28 AM
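
The mismatch resolved in this thread can be checked mechanically. The following is an added example, not code from the thread or from Microsoft: it pulls the identifier out of an MSIS3020 message and compares it with the `entityID` declared by candidate federation metadata documents. The host names, the trimmed metadata documents and the assumption that the relying party identifier comes from the metadata's `entityID` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed event text, modelled on the MSIS3020 line quoted in the thread.
EVENT_TEXT = ("ScopeNotFoundPolicyRequestException: MSIS3020: The relying party trust "
              "with identifier 'https://org.example.com:8443/' could not be located.")

def _doc(entity_id):
    # Constructed, trimmed stand-in for a FederationMetadata.xml document.
    return f'<EntityDescriptor xmlns="{MD_NS}" entityID="{entity_id}"/>'

METADATA = {
    "adfs-own": _doc("http://sts.example.com/adfs/services/trust"),
    "crm-no-port": _doc("https://org.example.com/"),
    "crm-8443": _doc("https://org.example.com:8443/"),
}

def requested_identifier(event_text):
    """Return the relying party identifier named in an MSIS3020 message."""
    m = re.search(r"MSIS3020: .*?identifier '([^']+)'", event_text)
    return m.group(1) if m else None

def entity_id(metadata_xml):
    """Return the entityID declared by a federation metadata document."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("not a federation metadata EntityDescriptor")
    return root.get("entityID")

def _host_port(url):
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(parts.scheme)

def diagnose(requested, declared):
    """Classify how a declared entityID relates to the requested identifier."""
    if requested == declared:
        return "match"
    (r_host, r_port), (d_host, d_port) = _host_port(requested), _host_port(declared)
    if r_host == d_host and r_port != d_port:
        return "same host, different port"
    return "different entity"

def check(event_text, metadata_docs):
    wanted = requested_identifier(event_text)
    return {name: diagnose(wanted, entity_id(xml)) for name, xml in metadata_docs.items()}

if __name__ == "__main__":
    for name, verdict in check(EVENT_TEXT, METADATA).items():
        print(f"{name:12} {verdict}")
```
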