CRM 2013 Claims-based authentication

http://www.microsoft.com/en-us/download/details.aspx?id=41701

On the above link you can download the “Configuring Claims-based Authentication for Microsoft Dynamics CRM Server” manual from Microsoft’s Download Center. I’ve only run through the process of configuring claims-based authentication internally, but I still came across a few things that I had to adjust compared to the downloaded document. Unfortunately Microsoft doesn’t allow you to make comments in the Download Center as they do on other websites they host.

1) In the chapter “Configure the AD FS server for claims” on page 29, you need to enter userPrincipalName or User-Principal-Name, not User Principal Name as stated in the document. If you type the first it will change into the second option, but taking over what was mentioned in the document will lead to an “Invalid Argument” error, and within the URL you will find ErrorCode=0x80040203.

2) With the above you have AD FS Management already open, so go to AD FS -> Service -> Certificates and make sure there are no self-signed certificates there. I had to change the token-decrypting and token-signing certificates, for which I used the AD FS website certificate. This certificate is also used in the Claims-Based Authentication wizard, as they have to match (otherwise your encryption/decryption will fail), which was what led me to look for these settings in the first place. Errors found in the URL included: “The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.” or “An encrypted security token was received at the relying party which could not be decrypted. Configure the relying party with a suitable decryption certificate.” with the thumbprint of the certificate in there.
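A quick way to check both points before running the wizard is to query AD FS from PowerShell. This is an added example, not from the Microsoft document or the CRM product; it assumes it runs on the AD FS server with the ADFS module installed, and `$RelyingPartyName` is a placeholder for the display name of the CRM relying party trust. The self-signed test (Subject equals Issuer) is a heuristic.

```powershell
# Added check script (not from the Microsoft document or the CRM product).
# Assumptions: run on the AD FS server with the ADFS PowerShell module;
# $RelyingPartyName is a placeholder for the display name of the CRM relying
# party trust created by the Claims-Based Authentication wizard.
Import-Module ADFS
$RelyingPartyName = 'CRM Claims Relying Party'   # placeholder, replace with yours

function Test-SelfSigned {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Heuristic: a self-signed certificate lists itself as its own issuer.
    return ($Cert.Subject -eq $Cert.Issuer)
}

# 1) AD FS service certificates: flag any that are self-signed (point 2 above).
'Service-Communications', 'Token-Signing', 'Token-Decrypting' | ForEach-Object {
    $type = $_
    Get-AdfsCertificate -CertificateType $type | ForEach-Object {
        [pscustomobject]@{
            Type       = $type
            IsPrimary  = $_.IsPrimary
            Thumbprint = $_.Thumbprint
            Subject    = $_.Certificate.Subject
            SelfSigned = Test-SelfSigned -Cert $_.Certificate
        }
    }
} | Format-Table -AutoSize

# 2) The certificate AD FS encrypts tokens with for CRM must be the one selected
#    in the CRM wizard; otherwise CRM reports "could not be decrypted".
$rp = Get-AdfsRelyingPartyTrust -Name $RelyingPartyName
if (-not $rp) { throw "Relying party trust '$RelyingPartyName' not found." }
if ($null -eq $rp.EncryptionCertificate) {
    Write-Warning "No encryption certificate is set on '$RelyingPartyName'."
} else {
    $enc = $rp.EncryptionCertificate
    "Relying party encryption cert: {0} ({1}); self-signed: {2}" -f `
        $enc.Thumbprint, $enc.Subject, (Test-SelfSigned -Cert $enc)
}

# 3) The issuance rules must map the LDAP attribute userPrincipalName (point 1 above).
if ($rp.IssuanceTransformRules -match 'userPrincipalName') {
    'Issuance rules reference userPrincipalName: OK'
} else {
    Write-Warning "Issuance rules for '$RelyingPartyName' do not reference userPrincipalName."
}
```

When AD FS and CRM share a single certificate as in this post, the thumbprint printed in step 2 should be identical to the one entered in the CRM wizard, and nothing in step 1 should show SelfSigned as True.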

For the rest the document is good, but you need to read it very carefully as it is easy to overlook something. And as with everything in IT it is either 1 or 0: it works or it doesn’t.