Dynamics NAV 2016/2017 + problem to login UPN (Email ID) with ADFS integrated setup
Gomzy
Member Posts: 2
Hi,
I am testing Dynamics NAV 2016/2017 to integrate with ADFS (4.0 on Windows server 2019) to login users with UPN (Email ID). I followed this article:
https://docs.microsoft.com/en-us/dynamics-nav/authenticating-users-with-active-directory-federation-service-2017
1. Created SAML 1.0 & JWT tokens in Claim Issuance Policy. JWT enabled for the identifier.
2. Changed ClientUserSettings.config, CustomSettings.config & web.config files with 'ACS', Federation Metadata, ACSUri.
3. Configured user's email id in 'Office 365 Authentication' of Navision.
Here the Nav server instance, Web server & Client are installed on same server. Without ADFS configuration, the user is able to login using Win & Web clients.
But when I am trying to open the Win client or Web client with ADFS configuration, below error is coming in both NAV2016 & 2017 servers(I have tried NAV 2016 RTM, NAV 2016 CU62, NAV 2017 RTM). In below logs, I have changed the actual user's email id with XYZ@<domain name>. Please let me know if any one face this error, while trying to configure NAV with ADFS?
I have already tested NAV 2018 & BC 365 with ADFS & the UPN(email) login is working fine.
Type: Microsoft.Dynamics.Nav.Client.NavClientClosingException
Fatal: False
ShowError: True
Message: <ii>Your user name XYZ@<domain name> or password is incorrect, or you do not have a valid account in Microsoft Dynamics NAV.</ii>
StackTrace:
at Microsoft.Dynamics.Nav.Client.WinClient.ExceptionHandler.DoExecute(Func`1 execute)
at Microsoft.Dynamics.Nav.Client.WinClient.StartWinFormsClient.RunCore()
Source: Microsoft.Dynamics.Nav.Client.WinClient
HResult: -2146233088
Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavInvalidSecurityTokenException
SuppressMessage: False
SuppressExceptionCreatedEvent: False
FatalityScope: None
Message: <ii>Your user name XYZ@<domain name> or password is incorrect, or you do not have a valid account in Microsoft Dynamics NAV.</ii>
StackTrace:
at Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceIsHandshakeNeeded(IService service)
at Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceAndPerformAcsHandshakeIfNeeded()
at Microsoft.Dynamics.Nav.Client.FormBuilder.BuilderSessionInitializer.OpenConnectionToServer()
at Microsoft.Dynamics.Nav.Client.WinClient.NavWinFormsClientSession.OpenServerConnectionCore()
at Microsoft.Dynamics.Nav.Client.WinClient.NavWinFormsClientSession.OpenServerConnectionWithMultipleLoginAttempts()
at Microsoft.Dynamics.Nav.Client.WinClient.NavWinFormsClientSession.InitializeUISession()
at Microsoft.Dynamics.Framework.UI.Windows.ClientSessionBase.InitCore()
at Microsoft.Dynamics.Nav.Client.WinClient.NavWinFormsClientSession.InitCore()
at Microsoft.Dynamics.Framework.UI.ClientSessionCore.Init()
at Microsoft.Dynamics.Framework.UI.Windows.ClientSessionBase.Run()
at Microsoft.Dynamics.Nav.Client.WinClient.NavClientErrorHandler.ExecuteAndCatchExceptions(Func`1 execute)
Source: Microsoft.Dynamics.Nav.Client.Builder
HResult: -2146233088
Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavInvalidCredentialException
SuppressMessage: False
SuppressExceptionCreatedEvent: False
FatalityScope: None
Message: <ii>Your user name XYZ@<domain name> or password is incorrect, or you do not have a valid account in Microsoft Dynamics NAV.</ii>
StackTrace:
at Microsoft.Dynamics.Nav.Client.FaultExceptionHelperClass.ConvertException(Exception ex, Func`1 productNameProvider, NavClientCredentialType credentialType)
at Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectFailedEventArgs connectFailedArgs, ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, SpnSetting spnSettingToTry, Boolean allowSpnSettingsSwap, UserSettings& userSettings)
at Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, UserSettings& userSettings)
at Microsoft.Dynamics.Nav.Client.ServiceConnection.OpenConnection()
at Microsoft.Dynamics.Nav.Client.ServiceConnection.Initialize()
at Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceIsHandshakeNeeded(IService service)
Source: Microsoft.Dynamics.Nav.Client.ServiceConnection
HResult: -2146233088
Type: System.ServiceModel.Security.MessageSecurityException
Message: <ii>An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.</ii>
StackTrace:
Server stack trace:
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryGetChannel()
at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryWait(TChannel& channel)
at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.TryGetChannel(Boolean canGetChannel, Boolean canCauseFault, TimeSpan timeout, MaskingMode maskingMode, TChannel& channel)
at System.ServiceModel.Channels.ReliableChannelBinder`1.Send(Message message, TimeSpan timeout, MaskingMode maskingMode)
at System.ServiceModel.Channels.SendReceiveReliableRequestor.OnRequest(Message request, TimeSpan timeout, Boolean last)
at System.ServiceModel.Channels.ReliableRequestor.Request(TimeSpan timeout)
at System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ClientReliableDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at Microsoft.Dynamics.Nav.Types.Channels.ChunkingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.ICommunicationObject.Open()
at Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.CallOpenConnection(IAsyncNavService server, ConnectionRequest connectionRequest)
at Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectFailedEventArgs connectFailedArgs, ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, SpnSetting spnSettingToTry, Boolean allowSpnSettingsSwap, UserSettings& userSettings)
Source: mscorlib
HResult: -2146233087
Type: System.ServiceModel.FaultException
Message: <ii>The server has rejected the client credentials for the user: XYZ@<domain name>.</ii>
HResult: -2146233087
I am testing Dynamics NAV 2016/2017 to integrate with ADFS (4.0 on Windows server 2019) to login users with UPN (Email ID). I followed this article:
https://docs.microsoft.com/en-us/dynamics-nav/authenticating-users-with-active-directory-federation-service-2017
1. Created SAML 1.0 & JWT tokens in Claim Issuance Policy. JWT enabled for the identifier.
2. Changed ClientUserSettings.config, CustomSettings.config & web.config files with 'ACS', Federation Metadata, ACSUri.
3. Configured user's email id in 'Office 365 Authentication' of Navision.
Here the Nav server instance, Web server & Client are installed on same server. Without ADFS configuration, the user is able to login using Win & Web clients.
But when I am trying to open the Win client or Web client with ADFS configuration, below error is coming in both NAV2016 & 2017 servers(I have tried NAV 2016 RTM, NAV 2016 CU62, NAV 2017 RTM). In below logs, I have changed the actual user's email id with XYZ@<domain name>. Please let me know if any one face this error, while trying to configure NAV with ADFS?
I have already tested NAV 2018 & BC 365 with ADFS & the UPN(email) login is working fine.
Type: Microsoft.Dynamics.Nav.Client.NavClientClosingException
Fatal: False
ShowError: True
Message: <ii>Your user name XYZ@<domain name> or password is incorrect, or you do not have a valid account in Microsoft Dynamics NAV.</ii>
StackTrace:
at Microsoft.Dynamics.Nav.Client.WinClient.ExceptionHandler.DoExecute(Func`1 execute)
at Microsoft.Dynamics.Nav.Client.WinClient.StartWinFormsClient.RunCore()
Source: Microsoft.Dynamics.Nav.Client.WinClient
HResult: -2146233088
Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavInvalidSecurityTokenException
SuppressMessage: False
SuppressExceptionCreatedEvent: False
FatalityScope: None
Message: <ii>Your user name XYZ@<domain name> or password is incorrect, or you do not have a valid account in Microsoft Dynamics NAV.</ii>
StackTrace:
at Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceIsHandshakeNeeded(IService service)
at Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceAndPerformAcsHandshakeIfNeeded()
at Microsoft.Dynamics.Nav.Client.FormBuilder.BuilderSessionInitializer.OpenConnectionToServer()
at Microsoft.Dynamics.Nav.Client.WinClient.NavWinFormsClientSession.OpenServerConnectionCore()
at Microsoft.Dynamics.Nav.Client.WinClient.NavWinFormsClientSession.OpenServerConnectionWithMultipleLoginAttempts()
at Microsoft.Dynamics.Nav.Client.WinClient.NavWinFormsClientSession.InitializeUISession()
at Microsoft.Dynamics.Framework.UI.Windows.ClientSessionBase.InitCore()
at Microsoft.Dynamics.Nav.Client.WinClient.NavWinFormsClientSession.InitCore()
at Microsoft.Dynamics.Framework.UI.ClientSessionCore.Init()
at Microsoft.Dynamics.Framework.UI.Windows.ClientSessionBase.Run()
at Microsoft.Dynamics.Nav.Client.WinClient.NavClientErrorHandler.ExecuteAndCatchExceptions(Func`1 execute)
Source: Microsoft.Dynamics.Nav.Client.Builder
HResult: -2146233088
Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavInvalidCredentialException
SuppressMessage: False
SuppressExceptionCreatedEvent: False
FatalityScope: None
Message: <ii>Your user name XYZ@<domain name> or password is incorrect, or you do not have a valid account in Microsoft Dynamics NAV.</ii>
StackTrace:
at Microsoft.Dynamics.Nav.Client.FaultExceptionHelperClass.ConvertException(Exception ex, Func`1 productNameProvider, NavClientCredentialType credentialType)
at Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectFailedEventArgs connectFailedArgs, ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, SpnSetting spnSettingToTry, Boolean allowSpnSettingsSwap, UserSettings& userSettings)
at Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, UserSettings& userSettings)
at Microsoft.Dynamics.Nav.Client.ServiceConnection.OpenConnection()
at Microsoft.Dynamics.Nav.Client.ServiceConnection.Initialize()
at Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceIsHandshakeNeeded(IService service)
Source: Microsoft.Dynamics.Nav.Client.ServiceConnection
HResult: -2146233088
Type: System.ServiceModel.Security.MessageSecurityException
Message: <ii>An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.</ii>
StackTrace:
Server stack trace:
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryGetChannel()
at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryWait(TChannel& channel)
at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.TryGetChannel(Boolean canGetChannel, Boolean canCauseFault, TimeSpan timeout, MaskingMode maskingMode, TChannel& channel)
at System.ServiceModel.Channels.ReliableChannelBinder`1.Send(Message message, TimeSpan timeout, MaskingMode maskingMode)
at System.ServiceModel.Channels.SendReceiveReliableRequestor.OnRequest(Message request, TimeSpan timeout, Boolean last)
at System.ServiceModel.Channels.ReliableRequestor.Request(TimeSpan timeout)
at System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ClientReliableDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at Microsoft.Dynamics.Nav.Types.Channels.ChunkingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.ICommunicationObject.Open()
at Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.CallOpenConnection(IAsyncNavService server, ConnectionRequest connectionRequest)
at Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectFailedEventArgs connectFailedArgs, ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, SpnSetting spnSettingToTry, Boolean allowSpnSettingsSwap, UserSettings& userSettings)
Source: mscorlib
HResult: -2146233087
Type: System.ServiceModel.FaultException
Message: <ii>The server has rejected the client credentials for the user: XYZ@<domain name>.</ii>
HResult: -2146233087
0
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.7K Microsoft Dynamics NAV
- 18.8K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 116 Navision DOS
- 851 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 617 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 329 Dynamics CRM
- 111 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 990 SQL General
- 383 SQL Performance
- 34 SQL Tips & Tricks
- 35 Design Patterns (General & Best Practices)
- 1 Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1.1K General Chat
- 1.6K Website
- 83 Testing
- 1.2K Download section
- 23 How Tos section
- 252 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions