SfB 2015 On Prem - Enabled ADAL - External users can't connect

  • Question

  • On Prem - SfB 2015 all latest CUs
    ADFS - Both internal and external Proxy are running Server 2016 (Forms auth is enabled for both internal and external)
    Internal Clients on Domain Joined PCs Auth just fine
    External Clients on Domain Joined PCs Auth just fine
    Home users using their own machine with the SfB 2016 Client get an ADAL pop-up with an ADFS error before being able to even enter a password. (please contact admin.......)

    I can re-create the issue and have been trying to read through client logs and ADFS logs. Can't figure out why the external users get handed off to the ADFS server and it rejects them with a "Requested Authentication Method is not supported on the STS." even though forms auth is enabled for external users.

    Has anyone run into this?

    After enabling ADAL on the front end, do I need to restart any services? Is there a waiting period?

    Error on ADFS Server

    Encountered error during federation passive request. 

    Additional Data 

    Protocol Name: 
    OAuthAuthorizationProtocol 

    Relying Party: 
    https://rp.domain.com/ 

    Exception details: 
    Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.InvalidAuthenticationTypePolicyException: MSIS7102: Requested Authentication Method is not supported on the STS.

    Friday, November 17, 2017 2:38 PM

All replies

  • Hi Seth H,

    Based on your error “Requested Authentication Method is not supported on the STS.”, the problem may be caused by the configuration setting which dictates allowed Authentication Methods. This is under AD FS Management Console -> Authentication Policies -> Global Settings -> Edit -> check that “Intranet” has “Forms Authentication” selected.

    You could use the following link as a reference.

    https://blogs.technet.microsoft.com/bshastri/2014/03/06/configuring-dynamics-crm-ifd-with-windows-server-2012-r2-ad-fs-adfs-3-0/


    Regards,

    Leon Lu


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, November 20, 2017 5:36 AM

  • Hi Leon, thanks for the tip.  I had already checked that. If you look in my original post, I have Forms Auth enabled for both External and External.  We currently federate with multiple services (crm, zendesk, cvent, lynda, etc..) with no issues.

    So something else is going on.  I opened a ticket with MS since the logs aren't pointing me towards any answers.

    Monday, November 20, 2017 12:40 PM
  • OK, if MS fixes the problem, please update this case; it will help others who have a similar issue.

    Regards,

    Leon Lu



    Wednesday, November 22, 2017 10:11 AM
  • Is there any update on this issue? If the reply is helpful to you, please try to mark it as an answer; it will help others who have a similar issue.

    Regards,

    Leon Lu



    Monday, November 27, 2017 11:06 AM
  • Hey, are there any updates on this issue?

    We've faced the same problem after installing KB4048953 for ADFS Server 2016. :(

    Wednesday, December 13, 2017 2:08 PM