Unable to Login CRM 2011 from ADFS login page of IFD deployment

Question
Hi All,
I have successfully set up ADFS, claims-based authentication and IFD for CRM 2011 on Windows Server 2012. When I try to access CRM over the internet using https://orgname.domain.com:8443 (my SSL port), I am redirected to the ADFS login page. But when I enter my credentials, it says "username or password is incorrect".
After checking the eventvwr logs for ADFS, I found the error below. Can anyone please direct me to what it is and how to get it resolved?
The Federation Service encountered an error while processing the WS-Trust request.
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data
Exception details:
Microsoft.IdentityServer.Framework.SecurityTokenService.FailedAuthenticationException: MSIS3055: The requested relying party trust 'https://<orgname>.<domain>.com:8443/' is unspecified or unsupported. If a relying party trust was specified, it is possible the user does not have permission to access the relying party trust. ---> Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.ScopeNotFoundPolicyRequestException: MSIS3020: The relying party trust with identifier 'https://<orgname>.<domain>.com:8443/' could not be located.
--- End of inner exception stack trace ---
at System.IdentityModel.AsyncResult.End(IAsyncResult result)
at System.ServiceModel.Security.WSTrustServiceContract.ProcessCoreAsyncResult.End(IAsyncResult ar)
at System.ServiceModel.Security.WSTrustServiceContract.EndProcessCore(IAsyncResult ar, String requestAction, String responseAction, String trustNamespace)
Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.ScopeNotFoundPolicyRequestException: MSIS3020: The relying party trust with identifier 'https://<orgname>.<domain>.com:8443/' could not be located.
Prathmesh If this post answers your question, please click "Mark As Answer" on the post and "Mark as Helpful" http://patelprathmesh.blogspot.com/
Monday, July 22, 2013 12:58 AM
Answers
Hi Prathmesh,
Those don’t look to be the right CRM entry points; they look more like the ADFS entry points.
Be sure you add your https://orgname.domain.com:8443 as a relying party trust.
Regards,
Damian Sinay
- Marked as answer by Prathmesh P Wednesday, July 24, 2013 1:26 AM
Tuesday, July 23, 2013 11:05 PM
All replies
Hi Prathmesh,
Do you have https://orgname.domain.com:8443 as a relying party trust in ADFS?
Regards,
Damian Sinay
Tuesday, July 23, 2013 1:47 PM

Please find below a screenshot of the relying parties I can see in ADFS.
Prathmesh
Tuesday, July 23, 2013 10:59 PM

Hi Damian,
I finally figured out that the Federation metadata URL I was pointing at when adding the relying party trust was incorrect. After cross-checking each and every step again from the beginning, I found that the metadata URL in the relying party trust was that of the ADFS server, and the Federation metadata URL pointing to CRM had a port number in it (everything else the same), which I was missing.
Thanks a lot for guiding me into the correct direction. :)
- Edited by Prathmesh P Wednesday, July 24, 2013 1:31 AM Added Detail
Wednesday, July 24, 2013 1:28 AM
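
Added example, not part of the thread: a PowerShell check for the AD FS server that looks for the identifier named in the MSIS3020 event among the configured relying party trusts and, if it is missing, lists trusts whose identifier or metadata URL has the same host but a different port, which is the mismatch described in the last reply. `$requested` is a placeholder to replace with the identifier quoted in the event, and `Get-Endpoint` is a helper defined here.

```powershell
# Run in an elevated PowerShell session on the AD FS server (Windows Server 2012).
Import-Module ADFS -ErrorAction Stop

# Placeholder: paste the identifier quoted in the MSIS3020 event.
$requested = 'https://orgname.domain.com:8443/'

# Reduce a URL to host and effective port (443 when https has no explicit port).
function Get-Endpoint([string]$Url) {
    $u = $null
    if ([Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$u)) {
        [pscustomobject]@{ HostName = $u.Host.ToLowerInvariant(); Port = $u.Port }
    }
}

$want   = Get-Endpoint $requested
$trusts = @(Get-AdfsRelyingPartyTrust)

# 1. Is there a trust that carries exactly the identifier AD FS was asked for?
$exact = @($trusts | Where-Object { $_.Identifier -contains $requested })

if ($exact.Count -gt 0) {
    # The trust exists; check that it is enabled and where its metadata came from.
    $exact | Select-Object Name, Enabled, MetadataUrl, Identifier | Format-List
}
else {
    Write-Warning "No relying party trust has identifier $requested"

    # 2. Near misses: same host, different port, in an identifier or metadata URL.
    $near = foreach ($t in $trusts) {
        $values = @($t.Identifier) + @("$($t.MetadataUrl)")
        foreach ($v in $values) {
            $e = Get-Endpoint $v
            if ($e -and $e.HostName -eq $want.HostName -and $e.Port -ne $want.Port) {
                [pscustomobject]@{
                    Trust        = $t.Name
                    Value        = $v
                    Port         = $e.Port
                    ExpectedPort = $want.Port
                }
            }
        }
    }

    if ($near) { $near | Format-Table -AutoSize }
    else       { Write-Output 'No trust refers to this host at all; the CRM trust has not been added.' }
}
```

A row in the near-miss table means a trust was built from a URL on the right host but the wrong port, so it needs to be recreated from the CRM federation metadata URL that includes the port.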