[solved] Single Sign-On

14 December 2017 14:53

Hello everyone,

I'm currently stuck on SSO with our Azure AD (O365).
I followed this guide: https://docs.microsoft.com/en-us/dynamics-nav/authenticating-users-with-azure-active-directory
-> in the meantime I also tried the PowerShell scripts (that was the first thing I tried, but in my view they only produce nonsense).

Have you "already" managed to use SSO under 2018?

I get the following message in the web client (and also in the Windows client [ClickOnce]):
Das hat leider nicht funktioniert

Sie können sich aufgrund eines technischen Problems nicht anmelden. Wenden Sie sich an Ihren Systemadministrator.


PS: I get the following error message(s) in the event log of the NST machine (Azure):

#1:
Code:
Fehler beim Zugriff auf Website
Roh-URL:
URL:
Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavAuthenticationException
Message: Sie können sich aufgrund eines technischen Problems nicht anmelden. Wenden Sie sich an Ihren Systemadministrator.
StackTrace:
   bei Microsoft.Dynamics.Nav.Client.FaultExceptionHelperClass.ConvertException(Exception ex, Func`1 productNameProvider, NavClientCredentialType credentialType) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\FaultExceptionHelperClass.cs:Zeile 298.
   bei Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectFailedEventArgs connectFailedArgs, ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, SpnSetting spnSettingToTry, Boolean allowSpnSettingsSwap, UserSettings& userSettings) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ConnectionEstablisher.cs:Zeile 414.
   bei Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, UserSettings& userSettings) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ConnectionEstablisher.cs:Zeile 216.
   bei Microsoft.Dynamics.Nav.Client.Web.SimpleServerOperation.SimpleServerOperationConnectionEstablisher.OpenConnection[TChannel](ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, UserSettings& userSettings) in S:\Depot\NAV110\Platform\Client\Web\Prod.Client.WebCommon\Security\SimpleServerOperation.cs:Zeile 151.
   bei Microsoft.Dynamics.Nav.Client.Web.SimpleServerOperation.ExecuteCore[TResult,TChannel](RequestContext requestContext, ConnectionOptions serverConnectionOptions, Func`2 operation, Func`3 operationWithContext, Func`2 localExceptionHandler) in S:\Depot\NAV110\Platform\Client\Web\Prod.Client.WebCommon\Security\SimpleServerOperation.cs:Zeile 270.
Source: Microsoft.Dynamics.Nav.Client.ServiceConnection----------------------------------
Type: System.ServiceModel.Security.MessageSecurityException
Message: Ein nicht gesicherter oder fehlerhaft gesicherter Fehler wurde vom anderen Teilnehmer empfangen. Den Fehlercode und Details finden Sie unter der inneren FaultException.
StackTrace:

Server stack trace:
   bei System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   bei System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   bei System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
   bei System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
   bei System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
   bei System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
   bei System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   bei System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryGetChannel()
   bei System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryWait(TChannel& channel)
   bei System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.TryGetChannel(Boolean canGetChannel, Boolean canCauseFault, TimeSpan timeout, MaskingMode maskingMode, TChannel& channel)
   bei System.ServiceModel.Channels.ReliableChannelBinder`1.Send(Message message, TimeSpan timeout, MaskingMode maskingMode)
   bei System.ServiceModel.Channels.SendReceiveReliableRequestor.OnRequest(Message request, TimeSpan timeout, Boolean last)
   bei System.ServiceModel.Channels.ReliableRequestor.Request(TimeSpan timeout)
   bei System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan timeout)
   bei System.ServiceModel.Channels.ClientReliableDuplexSessionChannel.OnOpen(TimeSpan timeout)
   bei System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   bei Microsoft.Dynamics.Nav.Types.Channels.ChunkingDuplexSessionChannel.OnOpen(TimeSpan timeout) in S:\Depot\NAV110\Platform\ClientServerShared\Prod.Types\Channels\ChunkingDuplexSessionChannel.cs:Zeile 97.
   bei System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   bei System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   bei System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

Exception rethrown at [0]:
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   bei System.ServiceModel.ICommunicationObject.Open()
   bei Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.CallOpenConnection(IAsyncNavService server, ConnectionRequest connectionRequest) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ConnectionEstablisher.cs:Zeile 527.
   bei Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectFailedEventArgs connectFailedArgs, ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, SpnSetting spnSettingToTry, Boolean allowSpnSettingsSwap, UserSettings& userSettings) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ConnectionEstablisher.cs:Zeile 340.
Source: mscorlib----------------------------------
Type: System.ServiceModel.FaultException
Message: Sie können sich aufgrund eines technischen Problems nicht anmelden. Wenden Sie sich an Ihren Systemadministrator.
StackTrace:

Source:


#2
Code:
Fehler beim Zugriff auf Website
Roh-URL:
URL:
Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavSCOpenConnectionException
Message: Sie können sich aufgrund eines technischen Problems nicht anmelden. Wenden Sie sich an Ihren Systemadministrator.
StackTrace:
   bei Microsoft.Dynamics.Nav.Client.ServiceConnection.OpenConnection() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ServiceConnection.cs:Zeile 906.
   bei Microsoft.Dynamics.Nav.Client.ServiceConnection.Initialize() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ServiceConnection.cs:Zeile 561.
   bei Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceIsHandshakeNeeded(IService service) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.Builder\BuilderSession\AcsHandshakeHandler.cs:Zeile 92.
   bei Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceAndPerformAcsHandshakeIfNeeded() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.Builder\BuilderSession\AcsHandshakeHandler.cs:Zeile 59.
   bei Microsoft.Dynamics.Nav.Client.FormBuilder.BuilderSessionInitializer.OpenConnectionToServer() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.Builder\BuilderSession\BuilderSessionInitializer.cs:Zeile 265.
   bei Microsoft.Dynamics.Nav.Client.FormBuilder.BuilderSessionInitializer.InitializeCore() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.Builder\BuilderSession\BuilderSessionInitializer.cs:Zeile 92.
   bei Microsoft.Dynamics.Nav.Client.FormBuilder.BuilderSessionInitializer.Initialize() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.Builder\BuilderSession\BuilderSessionInitializer.cs:Zeile 76.
   bei Microsoft.Dynamics.Framework.UI.UISession.Initialize() in S:\Depot\NAV110\Platform\Client\Shared\Prod.ClientFwk\Session\UiSession.cs:Zeile 1073.
   bei Microsoft.Dynamics.Nav.Client.Web.NavWebUISessionInitializer.InitializeCore(UISession session) in S:\Depot\NAV110\Platform\Client\Web\Prod.Client.WebCommon\Session\NavWebUISessionInitializer.cs:Zeile 104.
   bei Microsoft.Dynamics.Nav.WebClient.NavWebClientUISessionInitializer.InitializeCore(UISession session) in S:\Depot\NAV110\Platform\Client\Web\Prod.Client.WebClient\Session\NavWebClientUISessionInitializer.cs:Zeile 54.
   bei Microsoft.Dynamics.Nav.Client.Web.NavWebUISessionInitializer.Initialize(UISession session) in S:\Depot\NAV110\Platform\Client\Web\Prod.Client.WebCommon\Session\NavWebUISessionInitializer.cs:Zeile 77.
   bei Microsoft.Dynamics.Framework.UI.Client.OpenFormExecutionStrategy.TryInitializeUiSession(UISession session) in S:\Depot\NAV110\Platform\Client\Shared\Prod.ClientFwk\Client\Interactions\ExecutionStrategies\OpenFormExecutionStrategy.cs:Zeile 67.
   bei Microsoft.Dynamics.Framework.UI.Web.WebOpenFormExecutionStrategy.TryInitializeUiSession(UISession session) in S:\Depot\NAV110\Platform\Client\Web\Prod.Client.Web\Interactions\ExecutionStrategies\WebOpenFormExecutionStrategy.cs:Zeile 61.
   bei Microsoft.Dynamics.Framework.UI.Client.OpenFormExecutionStrategy.Execute() in S:\Depot\NAV110\Platform\Client\Shared\Prod.ClientFwk\Client\Interactions\ExecutionStrategies\OpenFormExecutionStrategy.cs:Zeile 41.
   bei Microsoft.Dynamics.Framework.UI.InteractionManager.<>c__DisplayClass8_0.<InvokeInteractions>b__3() in S:\Depot\NAV110\Platform\Client\Shared\Prod.ClientFwk\Interactions\InteractionManager.cs:Zeile 125.
Source: Microsoft.Dynamics.Nav.Client.ServiceConnection----------------------------------
Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavAuthenticationException
Message: Sie können sich aufgrund eines technischen Problems nicht anmelden. Wenden Sie sich an Ihren Systemadministrator.
StackTrace:
   bei Microsoft.Dynamics.Nav.Client.FaultExceptionHelperClass.ConvertException(Exception ex, Func`1 productNameProvider, NavClientCredentialType credentialType) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\FaultExceptionHelperClass.cs:Zeile 298.
   bei Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectFailedEventArgs connectFailedArgs, ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, SpnSetting spnSettingToTry, Boolean allowSpnSettingsSwap, UserSettings& userSettings) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ConnectionEstablisher.cs:Zeile 414.
   bei Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, UserSettings& userSettings) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ConnectionEstablisher.cs:Zeile 216.
   bei Microsoft.Dynamics.Nav.Client.ServiceConnection.OpenConnection() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ServiceConnection.cs:Zeile 823.
Source: Microsoft.Dynamics.Nav.Client.ServiceConnection----------------------------------
Type: System.ServiceModel.Security.MessageSecurityException
Message: Ein nicht gesicherter oder fehlerhaft gesicherter Fehler wurde vom anderen Teilnehmer empfangen. Den Fehlercode und Details finden Sie unter der inneren FaultException.
StackTrace:

Server stack trace:
   bei System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   bei System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   bei System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
   bei System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
   bei System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
   bei System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
   bei System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   bei System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryGetChannel()
   bei System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryWait(TChannel& channel)
   bei System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.TryGetChannel(Boolean canGetChannel, Boolean canCauseFault, TimeSpan timeout, MaskingMode maskingMode, TChannel& channel)
   bei System.ServiceModel.Channels.ReliableChannelBinder`1.Send(Message message, TimeSpan timeout, MaskingMode maskingMode)
   bei System.ServiceModel.Channels.SendReceiveReliableRequestor.OnRequest(Message request, TimeSpan timeout, Boolean last)
   bei System.ServiceModel.Channels.ReliableRequestor.Request(TimeSpan timeout)
   bei System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan timeout)
   bei System.ServiceModel.Channels.ClientReliableDuplexSessionChannel.OnOpen(TimeSpan timeout)
   bei System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   bei Microsoft.Dynamics.Nav.Types.Channels.ChunkingDuplexSessionChannel.OnOpen(TimeSpan timeout) in S:\Depot\NAV110\Platform\ClientServerShared\Prod.Types\Channels\ChunkingDuplexSessionChannel.cs:Zeile 97.
   bei System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   bei System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   bei System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

Exception rethrown at [0]:
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   bei System.ServiceModel.ICommunicationObject.Open()
   bei Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.CallOpenConnection(IAsyncNavService server, ConnectionRequest connectionRequest) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ConnectionEstablisher.cs:Zeile 527.
   bei Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectFailedEventArgs connectFailedArgs, ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, SpnSetting spnSettingToTry, Boolean allowSpnSettingsSwap, UserSettings& userSettings) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ConnectionEstablisher.cs:Zeile 340.
Source: mscorlib----------------------------------
Type: System.ServiceModel.FaultException
Message: Sie können sich aufgrund eines technischen Problems nicht anmelden. Wenden Sie sich an Ihren Systemadministrator.
StackTrace:

Source:


#3
Code:
Fehler beim Zugriff auf Website
Roh-URL:
URL:
Type: Microsoft.Dynamics.Nav.Types.NavCancelCredentialPromptException
Message: Eine Ausnahme vom Typ "Microsoft.Dynamics.Nav.Types.NavCancelCredentialPromptException" wurde ausgelöst.
StackTrace:
   bei Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.PromptForCredentials() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ConnectionEstablisher.cs:Zeile 1029.
   bei Microsoft.Dynamics.Nav.Client.ConnectionEstablisher.OpenConnection[TChannel](ConnectionRequest connectionRequest, ConnectionOptions connectionOptions, UserSettings& userSettings) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ConnectionEstablisher.cs:Zeile 194.
   bei Microsoft.Dynamics.Nav.Client.ServiceConnection.OpenConnection() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ServiceConnection.cs:Zeile 888.
   bei Microsoft.Dynamics.Nav.Client.ServiceConnection.Initialize() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.ServiceConnection\ServiceConnection.cs:Zeile 561.
   bei Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceIsHandshakeNeeded(IService service) in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.Builder\BuilderSession\AcsHandshakeHandler.cs:Zeile 92.
   bei Microsoft.Dynamics.Nav.Client.FormBuilder.AcsHandshakeHandler.InitializeServiceAndPerformAcsHandshakeIfNeeded() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.Builder\BuilderSession\AcsHandshakeHandler.cs:Zeile 59.
   bei Microsoft.Dynamics.Nav.Client.FormBuilder.BuilderSessionInitializer.OpenConnectionToServer() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.Builder\BuilderSession\BuilderSessionInitializer.cs:Zeile 255.
   bei Microsoft.Dynamics.Nav.Client.FormBuilder.BuilderSessionInitializer.InitializeCore() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.Builder\BuilderSession\BuilderSessionInitializer.cs:Zeile 92.
   bei Microsoft.Dynamics.Nav.Client.FormBuilder.BuilderSessionInitializer.Initialize() in S:\Depot\NAV110\Platform\Client\Shared\Prod.Client.Builder\BuilderSession\BuilderSessionInitializer.cs:Zeile 76.
   bei Microsoft.Dynamics.Framework.UI.UISession.Initialize() in S:\Depot\NAV110\Platform\Client\Shared\Prod.ClientFwk\Session\UiSession.cs:Zeile 1073.
   bei Microsoft.Dynamics.Nav.Client.Web.NavWebUISessionInitializer.InitializeCore(UISession session) in S:\Depot\NAV110\Platform\Client\Web\Prod.Client.WebCommon\Session\NavWebUISessionInitializer.cs:Zeile 104.
   bei Microsoft.Dynamics.Nav.WebClient.NavWebClientUISessionInitializer.InitializeCore(UISession session) in S:\Depot\NAV110\Platform\Client\Web\Prod.Client.WebClient\Session\NavWebClientUISessionInitializer.cs:Zeile 67.
   bei Microsoft.Dynamics.Nav.Client.Web.NavWebUISessionInitializer.Initialize(UISession session) in S:\Depot\NAV110\Platform\Client\Web\Prod.Client.WebCommon\Session\NavWebUISessionInitializer.cs:Zeile 77.
   bei Microsoft.Dynamics.Framework.UI.Client.OpenFormExecutionStrategy.TryInitializeUiSession(UISession session) in S:\Depot\NAV110\Platform\Client\Shared\Prod.ClientFwk\Client\Interactions\ExecutionStrategies\OpenFormExecutionStrategy.cs:Zeile 67.
   bei Microsoft.Dynamics.Framework.UI.Web.WebOpenFormExecutionStrategy.TryInitializeUiSession(UISession session) in S:\Depot\NAV110\Platform\Client\Web\Prod.Client.Web\Interactions\ExecutionStrategies\WebOpenFormExecutionStrategy.cs:Zeile 61.
   bei Microsoft.Dynamics.Framework.UI.Client.OpenFormExecutionStrategy.Execute() in S:\Depot\NAV110\Platform\Client\Shared\Prod.ClientFwk\Client\Interactions\ExecutionStrategies\OpenFormExecutionStrategy.cs:Zeile 41.
   bei Microsoft.Dynamics.Framework.UI.InteractionManager.<>c__DisplayClass8_0.<InvokeInteractions>b__3() in S:\Depot\NAV110\Platform\Client\Shared\Prod.ClientFwk\Interactions\InteractionManager.cs:Zeile 125.
Source: Microsoft.Dynamics.Nav.Client.ServiceConnection

============================

Solution


How embarrassing, but sometimes you can't see the forest for the trees.
After what felt like the 1000th look at the event log, it finally occurred to me to look at the warnings as well -> lo and behold, the certificate was not in the Trusted People store --> OK, put it in, still doesn't work ---> hmmm, well then, switched off the certificate validation mode (in the NST -> General -> Enable Certificate Validation) -> boom, I'm in. *head->desk* for my stupidity
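
The two things the solution touches (store placement and certificate validation) can be inspected on the NST machine before the validation switch is changed. The script below is an added example, not part of the original post or of the NAV tooling; the thumbprint parameter is a placeholder you supply, and it assumes the service certificate lives in the LocalMachine stores.

```powershell
# Added diagnostic example (not from the original post).
# -Thumbprint is a placeholder: pass the thumbprint of your own service certificate.
param(
    [Parameter(Mandatory)]
    [string]$Thumbprint
)

# Thumbprints copied from the certificate dialog often contain spaces or
# invisible characters; keep only the hex digits.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

function Find-CertInStore {
    param([string]$StoreName, [string]$Thumbprint)
    Get-ChildItem -Path "Cert:\LocalMachine\$StoreName" |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1
}

# 'My' is the Personal store, 'TrustedPeople' is the Trusted People store
# the event log warning in the post referred to.
$inMy            = Find-CertInStore -StoreName 'My' -Thumbprint $Thumbprint
$inTrustedPeople = Find-CertInStore -StoreName 'TrustedPeople' -Thumbprint $Thumbprint

$cert = if ($inMy) { $inMy } else { $inTrustedPeople }
if (-not $cert) {
    throw "Certificate $Thumbprint not found in LocalMachine\My or LocalMachine\TrustedPeople."
}

# Build the chain the way a validating client would, including revocation.
# A self-signed or privately issued certificate typically fails here with
# UntrustedRoot or RevocationStatusUnknown even when it is in Trusted People.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag =
    [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$chainOk = $chain.Build($cert)

[pscustomobject]@{
    Subject         = $cert.Subject
    NotBefore       = $cert.NotBefore
    NotAfter        = $cert.NotAfter
    Expired         = (Get-Date) -gt $cert.NotAfter
    HasPrivateKey   = $cert.HasPrivateKey      # expected only for the copy in 'My'
    InPersonalStore = [bool]$inMy
    InTrustedPeople = [bool]$inTrustedPeople
    ChainValid      = $chainOk
    ChainStatus     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
```

If `ChainValid` is false, `ChainStatus` names what a validating client rejects, which is the condition that remains after the certificate has been added to Trusted People.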