I'm facing an issue with CRM 2011 IFD and ADFS:
The problem is that every user is forced to login in CRM again after closing web browser.
Is there any way to make the session cookie persistent even if web browser is closed ?
As far as I'm aware there is not a way of doing this, I looked into it about a year ago, you can set the TokenLifeTime in the Web.config, however this is will only work during the browser session.
If you users are logging in via the domain connected computers they should sign in automatically, you should only be presented with this issue on computers that are external or not joined to the domain.
Sorry this doesn't answer your question, but may save you hours of looking for a solution that doesn't appear to exist.
Related
I don't have much idea about API but I managed setup Youtube API so that I am able to use Integromat workflow between Youtube and Airtable.
It works fine.
The issue I have is the connection between my Youtube API at Integroat is getting disconnected after a few days / weeks and have to re-verify(reconnect) to Google account again.
The Youtube app was setup properly (as instructed by Integromat) and as I said it works..... it's grabbing URLs of new Youtube videos on my Youtube channel and it is pushing those URLs into Airtable.
Now have even added mysef now as the user of the app. Wasn't listed as the user there (1 out of 100). Could that be the reason?
The Youtube API is setup as a test-app. Is that the reason for the disconnects at Integromat?
Do Ineed to request Google to have the app verified? Or can I continue with the app being a test app? (Because it says it hasn't been verified).
I don't know much about what I am doing but it sees working fine for me so I guess I managed to set it up OK except for the one issue with connection loss.
Pic:
The 2nd and 3rd item on the 2nd picture is for the Youtube API connection... and that is where I am being asked every now and then by Integromat to reconnnect the connection.. then I need to login and Google wanrs me my application wasn't approved so I pick continue etc...
The issue I have is the connection between my Youtube API at Integroat is getting disconnected after a few days / weeks and have to re-verify(reconnect) to Google account again.
This is because your authorization has an expire time. Access tokens by default work for one hour. If you want your application to refresh its access then you need to request offline access and store the refresh token and then use that to refresh your access whenever you need it.
On unverified apps refresh tokens will expire after a very short time this is because your application is considered to still be in development. YOu should apply for verification when you are ready to go to production. until that time you will need to login again regularly but as you are in development this sholdnt be to much of a problem.
I am having a problem when setting up ADFS in a web application which have hosted name site collections. Although I put ADFS authentication in a different zone, but in my hosted site name collections, I still can search for ADFS accounts. Please refer to the detailed info below:
My situation is:
I have a web application which have 2 hosted name site collections. It is using NTML authentication in Default Zone.
In order to use ADFS, I extended the web application to Internet Zone
However, during the extending web application, I think the SercurityTokenServiceApplication got some problems. I had to restart application pool of the SecurityTokenServiceApplication. After that I continued to configure ADFS in sharepoint.
Then my problem is:
The login via ADFS works perfectly. However, I have got a problem with the people picker of the hosted name site collections. When I opened the people picker to check permission, I tried to enter an account and the people picker showed both results from ActiveDirectory and ADFS. This problem now is in production farm, but it did not happen in my staging farm. I think it is because the SecurityTokenServiceApplication was not down at the time I set up in the stating environment.
I tried to reproduce the problem in my testing environment by stopping the SecurityTokenServiceApplication during extending web application step, then I got the same problem in the production.
However, the path-based site collections in the web application do not have this problem. Every hosted name site collection have issue.
I even tried to delete the web application and recreate again but the problem still exists.
From my understanding, if I set up that way, only site collections from Internet zone can retrieve users from ADFS. However, I do not know how to resolve the above problem. If there is any one experienced the same problem, please kindly advise.
Thanks a lot.
My question may be too broad or vague, but I cannot best describe it in any other way than I am doing it.
I have multiple Django applications. I have implemented SSO successfully for the same. All this things work. Now, I have been given a new task and its like this.
I have to integrate Microsoft ADFS authentication into my suite of applications and broaden the scope of current SSO.
My understanding of it is as, when I log into my laptop which is on corporate network (I assume this is how I have to put it) I also get logged into my django applications
I seriously have no idea of how this work as I have no experience with ADFS. Can anyone with experience of this explain it with a scenario of how it works so that I can understand it and think of a solution to it.
PS: If there is any more information needed I will provide. Also, if downvoting the question do put a reason so that I can edit the question and post it as it should be.
if Django supports SAML based login, then you set it up to trust ADFS. ADFS will automatically take care of logging in using your logged in credentials to a domain joined machine inside the corporate network. If the user accessed externally, it would prompt for password or a certificate based auth (e.g. smartcard) to login the user.
Can anybody explain exactly how a web beacon works? I know they're generally used by advertising platforms but i can't really find a good explanation on how they're working.
I know that cookies aren't accessible cross-domain. A web beacon is an image that sends a request to the server, and the server adds a cookie to the response, right? So how can it be accessed on different domains?
Thanks!
When an HTML page is downloaded the browser parses the page and looks for additional resources needed to display the page, such as images. For each image it finds the browser makes another request to a server in the background. When servers receive requests, they usually log the request to monitor load on the server, and record information about who sent the request and where it came from. A web beacon is a tiny invisible graphic that generates a request to the tracking firm's server. They record the request in their logs and then analyze their logs to see who went where and did what and when.
When returning the image from their servers to the browser, they can also send down information to be added to a cookie. There are third-party cookies that can be tracked across domains. If you come back to the site, and the beacon request is made again, that cookie will also be sent up in the request to the server and the tracking firm will have more information about you.
Think about this. Even though you are visiting myfavoritesite.com the web beacon image is being requested from trackers.com. The cookie they create is assigned/locked to their domain, trackers.com. But if you then surf over to myotherfavoritesite.com, and they too are sending web beacons to trackers.com, the cookie will essentially be shared between the two sites. There are more considerations here, but that is the basic premise.
Bug bug (also known as Web beacon) is very important tools commonly used by online advertiser as marketing or advertisement analysis tool for tracking and monitoring the activity of users on a website or marketing content i.e: blog or email. An expert advertiser inserts web bug in his content (usually on website and email) in order track how many people opened a particular content, on which application and country his content is being viewed. So, whenever advertisement display by third-party just know that you are being tracked for marketing analysis purpose.
Bug bug tools are provided freely or premium mostly by CRM service providers like Hubspot CRM, Freshsales CRM, Salesforce CRM, etc. However, a Web bug PHP code can also be used for this if tracking service by CRM provider is not available. Continue reading
And instead of going off and creating one using Php and Apache redirects, my vote is that you go to http://webbeak.com and create one, use it, and track it. No cost either.
In all cases we are running .NET Framework 3.5
My company has a server running Windows Server 2003 R2 (Service Pack 2), 32-bit processor. The IIS instance on this machine runs several Websites. One of the Websites we are running is Microsoft CRM 4.
When I attempt to log in to CRM from my local PC, everything's perfectly straightforward. I receive a prompt for username and password, I enter the details, I'm authenticated, and I pass through. Easy.
However: I can RDP into the 2003 Server and open IE. If I then browse to our CRM website I am prompted for a username and password. I provide exactly the same details - including the correct domain - as I enter from my local PC. But nothing. I'm denied access.
I am an administrator both of my local PC and of the 2003 Server.
This is very weird. I don't even know where to begin looking on this one. I don't even know what key terms to hit into Google.
Any help would be very much appreciated.
Context
Now, knowing what developers are like (I am one) the first response is going to be: "If you can log in from your PC, why do you care?"
There's more going on.
We have another website on that server that does nothing but host a set of critical web services. This is because the critical web services themselves rarely change but the other features change all the time. We don't want the critical web services to go down while maintenance is performed on other areas, so they were split off into their own independent web site about 18 months ago.
I am developing a web service for the critical site. This Web Service itself includes a proxy that points to the CrmService of CRM 4. The idea is that we want people to be able to submit certain information - such as lead contact information - into our CRM. However, we don't want to give just anyone access to the whole CRM system (obviously). So by publishing our own WebService that sits in the middle we can expose only the functionality that we want other people to have.
This new web service is now ready for deployment. All scenarios are met, all unit tests pass, everything that should fail does. It's all hunky-dory.
When I put that WebService on the 2003 Server, suddenly it can't communicate with CrmService any more due to authentication failure. ???
In my attempts to diagnose the problem, I noticed that no-one - not even administrators - can log into the CRM Website from within the 2003 Server. So I'm suspecting that whatever is causing that issue is also responsible for my web service to be unable to access the CrmService too.
For additional context, we have a new multi-domain SSL cert on the 2003 Server and we're splitting access to all our websites via host-headers.
I can't think of any more relevant information. If I've left out something critical, just ask.
Found it!
http://support.microsoft.com/kb/896861
Did the trick.