Dynamics NAV 2016/2017 + problem to login UPN (Email ID) with ADFS integrated setup

Gomzy Member Posts: 2
Hi,
I am testing Dynamics NAV 2016/2017 to integrate with ADFS (4.0 on Windows Server 2019) to log in users with UPN (Email ID). I followed this article:
https://docs.microsoft.com/en-us/dynamics-nav/authenticating-users-with-active-directory-federation-service-2017

1. Created SAML 1.0 & JWT tokens in Claim Issuance Policy. JWT enabled for the identifier.
2. Changed ClientUserSettings.config, CustomSettings.config & web.config files with 'ACS', Federation Metadata, ACSUri.
3. Configured user's email id in 'Office 365 Authentication' of Navision.

Here the NAV server instance, web server and client are installed on the same server. Without the ADFS configuration, the user is able to log in using the Win and Web clients.
But when I try to open the Win client or Web client with the ADFS configuration, the error below occurs on both NAV 2016 and 2017 servers (I have tried NAV 2016 RTM, NAV 2016 CU62, NAV 2017 RTM). In the logs below, I have replaced the actual user's email id with XYZ@<domain name>. Please let me know if anyone has faced this error while trying to configure NAV with ADFS.
I have already tested NAV 2018 and BC 365 with ADFS, and the UPN (email) login is working fine.

Type: Microsoft.Dynamics.Nav.Client.NavClientClosingException
Fatal: False
ShowError: True
Message: <ii>Your user name XYZ@<domain name> or password is incorrect, or you do not have a valid account in Microsoft Dynamics NAV.</ii>
StackTrace:
at Microsoft.Dynamics.Nav.Client.WinClient.ExceptionHandler.DoExecute(Func`1 execute)
at Microsoft.Dynamics.Nav.Client.WinClient.StartWinFormsClient.RunCore()
Source: Microsoft.Dynamics.Nav.Client.WinClient
HResult: -2146233088
Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavInvalidSecurityTokenException
SuppressMessage: False
SuppressExceptionCreatedEvent: False
FatalityScope: None
Message: <ii>Your user name XYZ@<domain name> or password is incorrect, or you do not have a valid account in Microsoft Dynamics NAV.</ii>
StackTrace:
at Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceIsHandshakeNeeded(IService service)
at Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceAndPerformAcsHandshakeIfNeeded()
at Microsoft.Dynamics.Nav.Client.FormBuilder.BuilderSessionInitializer.OpenConnectionToServer()
at Microsoft.Dynamics.Nav.Client.WinClient.NavWinFormsClientSession.OpenServerConnectionCore()
at Microsoft.Dynamics.Nav.Client.WinClient.NavWinFormsClientSession.OpenServerConnectionWithMultipleLoginAttempts()
at Microsoft.Dynamics.Nav.Client.WinClient.NavWinFormsClientSession.InitializeUISession()
at Microsoft.Dynamics.Framework.UI.Windows.ClientSessionBase.InitCore()
at Microsoft.Dynamics.Nav.Client.WinClient.NavWinFormsClientSession.InitCore()
at Microsoft.Dynamics.Framework.UI.ClientSessionCore.Init()
at Microsoft.Dynamics.Framework.UI.Windows.ClientSessionBase.Run()
at Microsoft.Dynamics.Nav.Client.WinClient.NavClientErrorHandler.ExecuteAndCatchExceptions(Func`1 execute)
Source: Microsoft.Dynamics.Nav.Client.Builder
HResult: -2146233088
Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavInvalidCredentialException
SuppressMessage: False
SuppressExceptionCreatedEvent: False
FatalityScope: None
Message: <ii>Your user name XYZ@<domain name> or password is incorrect, or you do not have a valid account in Microsoft Dynamics NAV.</ii>
StackTrace:
at Microsoft.Dynamics.Nav.Client.FaultExceptionHelperClass.ConvertException(Exception ex, Func`1 productNameProvider, NavClientCredentialType credentialType)
at Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectFailedEventArgs connectFailedArgs, ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, SpnSetting spnSettingToTry, Boolean allowSpnSettingsSwap, UserSettings& userSettings)
at Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, UserSettings& userSettings)
at Microsoft.Dynamics.Nav.Client.ServiceConnection.OpenConnection()
at Microsoft.Dynamics.Nav.Client.ServiceConnection.Initialize()
at Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceIsHandshakeNeeded(IService service)
Source: Microsoft.Dynamics.Nav.Client.ServiceConnection
HResult: -2146233088
Type: System.ServiceModel.Security.MessageSecurityException
Message: <ii>An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.</ii>
StackTrace:

Server stack trace:
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryGetChannel()
at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryWait(TChannel& channel)
at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.TryGetChannel(Boolean canGetChannel, Boolean canCauseFault, TimeSpan timeout, MaskingMode maskingMode, TChannel& channel)
at System.ServiceModel.Channels.ReliableChannelBinder`1.Send(Message message, TimeSpan timeout, MaskingMode maskingMode)
at System.ServiceModel.Channels.SendReceiveReliableRequestor.OnRequest(Message request, TimeSpan timeout, Boolean last)
at System.ServiceModel.Channels.ReliableRequestor.Request(TimeSpan timeout)
at System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ClientReliableDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at Microsoft.Dynamics.Nav.Types.Channels.ChunkingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.ICommunicationObject.Open()
at Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.CallOpenConnection(IAsyncNavService server, ConnectionRequest connectionRequest)
at Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectFailedEventArgs connectFailedArgs, ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, SpnSetting spnSettingToTry, Boolean allowSpnSettingsSwap, UserSettings& userSettings)
Source: mscorlib
HResult: -2146233087
Type: System.ServiceModel.FaultException
Message: <ii>The server has rejected the client credentials for the user: XYZ@<domain name>.</ii>
HResult: -2146233087