In this webinar, our experts showcase a variety of demo use cases of how different components of the...
Active Directory Federation Services (ADFS) is a great option to enable single sign on with Microsoft Dynamics CRM Online and other applications. If you are using ADFS with a portal or other application (pretty soon CRM too), you want to make sure the login mechanism works with all browsers and NOT just IE.
A small glitch is that browsers such as Chrome and Firefox do not support ‘enhanced protection’ when using windows authentication. So what does this mean?
It means that if you log in with ADFS from a non-IE browser, it will not work. You will see this authentication failure in the application log:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
….
The good news is that the fix is easy. Simply turn off Enhanced Protection for Windows Authentication in IIS in the adfsls folder.
Log in to your ADFS server. In IIS, expand adfs, then right click on the ls subfolder.
Double click on authentication, then in the advanced properties for windows authentication, turn off ‘enhanced protection’.
There you go! ADFS and single sign on for non-IE browsers.
Happy CRM'ing!
Surely "Accept" would be the right setting to use to protect most connections against a MITM attack (the whole point of using Extended Protection) while allowing non-compliant clients to connect?
Any Opera CRM info
Hi Markus - The release next month shoudl finaly bring cross browser compatibility to crm. However, Opera is not one of the officialy supported browsers. But since crm will be all html and will have no more 'quirks' or 'activex' most of it shoudl run ok. Here's a link to the official dec release info:
http://crmpublish.blob.core.windows.net/docs/Release_Preview_Guide_December_2012_FINAL.pdf
Thank you, this worked perfectly, been an issue for a long time.
For Free Browser Tech Support Contact Us: 1-800-935-0537
http://computertechsupport.us/
Thanks for this helpful article. I could login to my web application via AD FS integration just fine from Chrome on my Mac. However, my counterparts using Chrome on Windows could not. This was the problem.
The most recent stable version of Chrome (Version 51.0.2704.84) now supports enhanced protection, and the SSO experience is similar to IE