Hi everyone,
I am not a developer - just to mention it at the beginning :-)
We have a strange issue. It can be compared to this thread http://social.msdn.microsoft.com/Forums/vstudio/en-US/e71b55b2-da61-40ba-ac23-c3e81f268298/action?threadDisplayName=sharepoint-2013-adfs-21-and-forms-signin-issue
with some differences:
- we use ADFS 3.0 and CRM 2013
- we can access SharePoint when not accessing CRM before
- we can access SharePoint when we do a “logout” in CRM before
- we can access SharePoint first and switch to CRM afterwards (and switch back) with no problems
We have questions about some symptoms:
1. The path of ADFS is not set accordingly within the ADFS MSISPersistent cookie. It is set to "/adfs" instead of "/adfs/ls" - or is this correct?
2. ADFS offers more than one "MSAuth"-cookie to SharePoint 2013 (e.g. MSAuth= MSISAuth=77u/PD94bWw... and MSAuth= MSISAuth=AAEAAGCfPiwQBsB...) - maybe this leads to confusion???
3. If we do a "logout" within CRM 2013 and switch to SharePoint 2013 afterwards, everything is working. Same if we close the browser between switching applications - do we have an issue with ADFS or CRM or both?
CRM 2013 - 6.1.0000.0581
SharePoint 2013 - 15.0.4551.1005 (October 2013 CU)
Windows Server 2012 R2 (ADFS & WAP) - all updates
There are no errors or Event log entries in the applications or ADFS or WAP!
Our theories:
- Something with cached session cookies of CRM is wrong.
- Too many MSISAuth cookies passed to SharePoint
- Wrong path of ADFS cookie has an impact on the redirection SAML assertion. Parameter "&RedirectToIdentityProvider=http%3a%2f%2fadfs.domain.local%2fadfs%2fservices%2ftrust" is missing when switching from CRM to SharePoint. The redirect parameter exists if we just log into SharePoint only.
We have a MS call open. If we find a solution there, I will post it here.
Any ideas or answers from the community?
Feel free to ask questions. Thanks in advance.
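
An added troubleshooting example, not part of the original post and not Microsoft code: it checks a captured request to the ADFS sign-in page for the three symptoms listed above, using the RFC 6265 path-match rule (under which a cookie with Path=/adfs is also sent to /adfs/ls), a duplicate-name scan of the Cookie header, and a test for the RedirectToIdentityProvider parameter. The two sample requests, the `wa=wsignin1.0` query, the https scheme and the cookie values are constructed placeholders, and all function names are hypothetical.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

def path_matches(cookie_path, request_path):
    """RFC 6265 section 5.1.4: does a cookie with this Path apply to the request path?"""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    # A prefix match counts only on a "/" boundary, so "/adfs" never matches "/adfsx".
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def duplicate_cookie_names(cookie_header):
    """Cookie names that occur more than once in one Cookie request header."""
    names = [part.split("=", 1)[0].strip()
             for part in cookie_header.split(";") if part.strip()]
    return sorted(name for name, count in Counter(names).items() if count > 1)

def has_query_param(url, name):
    """True when the URL's query string carries the named parameter."""
    return name in parse_qs(urlsplit(url).query, keep_blank_values=True)

def summarise(request):
    """Report the three symptoms for one captured request to the ADFS sign-in page."""
    return {
        "cookie_path_applies": path_matches(request["cookie_path"],
                                            urlsplit(request["url"]).path),
        "duplicate_cookies": duplicate_cookie_names(request["cookie_header"]),
        "has_redirect_param": has_query_param(request["url"],
                                              "RedirectToIdentityProvider"),
    }

# Constructed sample requests; cookie values are placeholders, not real tokens.
IDP = "http%3a%2f%2fadfs.domain.local%2fadfs%2fservices%2ftrust"
SHAREPOINT_ONLY = {
    "url": "https://adfs.domain.local/adfs/ls/?wa=wsignin1.0&RedirectToIdentityProvider=" + IDP,
    "cookie_path": "/adfs",
    "cookie_header": "MSISAuth=PLACEHOLDER_A",
}
CRM_THEN_SHAREPOINT = {
    "url": "https://adfs.domain.local/adfs/ls/?wa=wsignin1.0",
    "cookie_path": "/adfs",
    "cookie_header": "MSISAuth=PLACEHOLDER_A; MSISAuth=PLACEHOLDER_B",
}

if __name__ == "__main__":
    for label, req in (("SharePoint only", SHAREPOINT_ONLY),
                       ("CRM then SharePoint", CRM_THEN_SHAREPOINT)):
        print(label, summarise(req))
```

To use it on a real trace, replace the two sample dictionaries with the URL, cookie Path and Cookie header copied from a browser network capture of the working and the failing sign-in.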