Wednesday, August 5, 2015

Session Time out in CRM

If you have any doubt in the post please post comments. I will try to solve your problem.

In CRM,after a period of time session would expire and back to sign page.

Once you deploy ADFS in a functional environment, the users will generally receive timeout requests, or requests to log back in, which can quickly become an issue within an 8 hour shift (480 minutes).

ADFS
Active Directory Federation Services (ADFS) is used by Microsoft Dynamics CRM for an Internet Facing Deployment (IFD).  Relying Parties are used to allow users to be authenticated when trying to access Microsoft Dynamics CRM.

The solution is to set the ADFS Timeout. The ADFS timeout determines how long the claims token will live in the system before requiring a re-authentication or signin from the user. This can be set on the internal and external sides of ADFS. You will need to know the names of your ADFS relying party trusts.

Step:1
Open the deployment manager and check type of authentication enabled in CRM.If claim or IFD is an enabled

Step:2
Check which server ADFS is available. It is not sure ADFS lies has in same application server.

Step:3
To begin, open the ADFS Management Console:
  
Open the left hand navigation, expand relying parting trusts to find the display names:
Now, run the Windows Powershell from the machine with ADFS installed.

For Windows 2008 Server, you will need to add the PSSnapin from the ADFS Command Prompt:


(In Windows 2012 and later, the ADFS role is pre-installed and you can move on to the next step.)


Using the Internal Relying Party Trust Display Name from the ADFS wizard above, enter this command where the dev.mydomain.com is the name of your internalcrm ADFS Relying Party Trust Display Name.
 
The last line of the results specific TokenLifetime will say how long the current time out is set.

Set the timeout to 480 for 8 hours ( minute increments). Example below is (240).


Now, set the timeout is set. You can follow the same steps to review or set your external timeout as well. It's not a good security practice to set your external lifetime greater than 1 hour, as somebody who logins in remotely and forgets to logout, the session will be active until that timeout period is reached.


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.