Microsoft Dynamics CRM for Phone and Tablets cannot connect to Dynamics CRM organization due to length of TokenLifetime

Applies to: Dynamics CRM 2013Microsoft Dynamics CRM 2013 Service Pack 1

Symptoms


When trying to setup a Microsoft Dynamics CRM organization in any of the Dynamics CRM mobile client applications, authentication enters a never ending loop in which the application seems to be trying to perform some authenticate, but does not complete.

Cause


Larger than default values for the TokenLifetime property in AD FS for the Relying Party can cause this authentication loop.

Resolution


The recommended value of the TokenLifetime should be set to the default value of 0, which means 600 minutes or 10 hours. Using the SSOLifetime option in the federation service instead can prevent the users from having to introduce their credentials too often in these Dynamics CRM mobile applications. The default value of SSOLifetime is 480 minutes or 8 hours.

More Information


How to change the SSO Lifetime Property of the ADFS: https://technet.microsoft.com/en-us/library/ee892317.aspx

How to change the TokenLifetime property of the ADFS Relying party thru powershell: https://technet.microsoft.com/en-us/library/gg188586(v=crm.6).aspx