Microsoft Dynamics CRM for Phone and Tablets cannot connect to Dynamics CRM organization due to length of TokenLifetime

This article provides a resolution for the issue that Microsoft Dynamics CRM for Phone and Tablets can't connect to Dynamics CRM organization due to length of the TokenLifetime property.

Applies to:   Microsoft Dynamics CRM 2013, Microsoft Dynamics CRM 2013 Service Pack 1
Original KB number:   3034570

Symptoms

When you try to set up a Microsoft Dynamics CRM organization in any of the Microsoft Dynamics CRM mobile client applications, authentication enters a never-ending loop: the application appears to be authenticating, but the sign-in never completes.

Cause

A TokenLifetime value larger than the default on the Relying Party in AD FS can cause this authentication loop.

Resolution

Set TokenLifetime to the recommended default value of 0, which means 600 minutes or 10 hours. To keep users from having to enter their credentials too often in these Microsoft Dynamics CRM mobile applications, use the SSOLifetime option in the federation service instead. The default value of SSOLifetime is 480 minutes or 8 hours.
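The following PowerShell sketch is an added example, not part of the original article. It lists relying party trusts with a non-default TokenLifetime, resets the CRM trust to 0, and reports the current SSOLifetime. The trust name is a placeholder you must replace, and the script assumes an elevated session on the AD FS server.

```powershell
# Added example: run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

# Placeholder (assumption): display name of the Dynamics CRM relying party trust.
$CrmTrustName = '<CRM relying party trust name>'

# 1. Audit: show every relying party trust whose TokenLifetime differs from the default (0).
Get-AdfsRelyingPartyTrust |
    Where-Object { $_.TokenLifetime -ne 0 } |
    Select-Object Name, Identifier, TokenLifetime |
    Format-Table -AutoSize

# 2. Fix: reset TokenLifetime on the CRM trust only if it is not already 0.
$trust = Get-AdfsRelyingPartyTrust -Name $CrmTrustName
if (-not $trust) {
    throw "Relying party trust '$CrmTrustName' was not found."
}

if ($trust.TokenLifetime -ne 0) {
    Write-Host "TokenLifetime is $($trust.TokenLifetime); resetting to 0 (default)."
    Set-AdfsRelyingPartyTrust -TargetName $CrmTrustName -TokenLifetime 0
} else {
    Write-Host "TokenLifetime is already 0 (default); no change made."
}

# 3. Verify the change and report the federation service SSO lifetime (minutes).
Get-AdfsRelyingPartyTrust -Name $CrmTrustName |
    Select-Object Name, TokenLifetime

$ssoMinutes = (Get-AdfsProperties).SsoLifetime
Write-Host "Current SSOLifetime: $ssoMinutes minutes."

# To adjust how often users are prompted, change SSOLifetime rather than
# TokenLifetime. 480 is the default stated in this article.
# Set-AdfsProperties -SsoLifetime 480
```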

More information

For information about how to change the SSOLifetime property of AD FS, see Set-ADFSProperties.

For information about how to change the TokenLifetime property of the AD FS Relying Party through PowerShell, see Claims-based authentication and security token expiration.