Hi All,
We have a CRM 2013 on-premise configuration with Claims/IFD Enabled.
The claims side works great without issue however when we try to access the external URL we receive a windows prompt continuously asking for login.
The configuration only has one external IP address so port 444 is used for the bindings on the CRM and 443 on the ADFS.
The current DNS enteries are:
sts - ADFS Server
CRM - internal CRM
dev - CRM server
auth - CRMserver
Orgname - CRM server
All entries have an external IP associated and are routed to the correct servers via the firewall.
Within the AD FS, when updating the IFD relying party, the identifiers do not return correctly. We see the following:
https://sts.domain.com/adfs/services/trust
https://sts.domain.com/adfs/services/trust/2005/issuedtokenmixedasymmetic
https://sts.domian.com/adfs/ls
etc
I have also noted that when we go to https://auth.domain.com:444/FederationMetadata/2007-06/FederationMetadata.xml.
The identifiers only show crm.domain.com:444 when we should be returned with:
dev.domain.com:444
orgname.domain.com:444
auth.domain.com:444
I have check the configuration when setting up the IFD in the deployment manager, the binding are added, certificate is trusted and has permissions for the AppPool, DNS Entries point correctly, firewalls have correct ports opened.
Any ideas from this point forward will be much appreciated.
regards