...
Users need to be configured within the Identity Server in order to perform authentication. This can be done by manually adding users to the Identity Server or by connecting directly to an LDAP server. The only requirements are that each user record represented in the Identity Server has a username field in the format username@domain.com or DOMAIN\username (so that the user can log in to CRM correctly), and that this value matches the username field of a user within CRM.
...
Within the service provider, in the inbound authentication section, a Passive STS realm must be defined under the WS-Federation (Passive) Configuration area. This value should match the CRM server URL. Typically, it will be in the format https://servername.domain.com/ (for non-IFD) or https://orgname.domain.com/ (for IFD). For IFD servers, one service provider must be created for each organization, with each one having the specific organization's URL set as the Passive STS Realm in the Inbound WS-Federation authentication settings. Ensure that the trailing "/" is included, as CRM appends this by default to all its endpoints and the values must match exactly.
- Sign in. Enter your username and password to log on to the Management Console.
- Navigate to the Main menu to access the Identity menu. Click Add under Service Providers.
- Fill in the Service Provider Name and provide a brief Description of the service provider.
- Expand the Inbound Authentication Configuration section followed by the WS-Federation (Passive) Configuration section.
- Enter an appropriate value for the Passive STS Realm as explained above.
- Expand the Claim Configuration section. Claims must be configured in order to log the requester into CRM as the correct user. Microsoft Dynamics CRM expects two specific claims returned from the STS. They are as follows.
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

  In order to retrieve these values from WSO2, map the local claim value to the CRM value. In the Subject Claim URI, select the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name claim. This example assumes that the http://wso2.org/claims/logonname claim contains the username field and that the https://wso2.claims/upn claim contains a DOMAIN\username or username@domain.com formatted field that matches a username existing in the CRM organization being accessed.
- Click Update.
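The two preconditions above are easy to get subtly wrong: a user whose UPN/down-level name is malformed, or a realm that lacks the trailing slash, fails only at login time with an unhelpful error. The following script is an added pre-flight check and is not part of the WSO2 or Dynamics CRM documentation. It validates constructed user records against the username formats the page requires, normalises a candidate Passive STS Realm so it ends with "/", and builds the two CRM claims from the local WSO2 claim URIs named on the page. The sample users, the CRM username list and the `contoso.example` hostnames are constructed for the example; the assumption that CRM matches usernames case-insensitively (Windows account names are) is marked in the code.

```python
import re
from urllib.parse import urlsplit

# Claim URIs exactly as given on the page.
CRM_UPN_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
CRM_NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
LOCAL_LOGONNAME_CLAIM = "http://wso2.org/claims/logonname"
LOCAL_UPN_CLAIM = "https://wso2.claims/upn"

# username@domain.com form: exactly one "@", no backslash, no whitespace, dotted domain.
UPN_RE = re.compile(r"^[^@\\\s]+@[^@\\\s]+\.[^@\\\s]+$")
# DOMAIN\username form: exactly one backslash, no "@", no whitespace.
DOWNLEVEL_RE = re.compile(r"^[^@\\\s]+\\[^@\\\s]+$")


def classify_username(value):
    """Return 'upn', 'downlevel', or None when the value matches neither accepted format."""
    if UPN_RE.match(value):
        return "upn"
    if DOWNLEVEL_RE.match(value):
        return "downlevel"
    return None


def normalize_realm(url):
    """Return the realm in the form CRM expects (https, host, trailing '/'), or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"realm must use https: {url!r}")
    if not parts.netloc:
        raise ValueError(f"realm has no host: {url!r}")
    if parts.query or parts.fragment:
        raise ValueError(f"realm must not carry a query or fragment: {url!r}")
    path = parts.path or "/"
    if not path.endswith("/"):
        path += "/"  # CRM appends '/' to its endpoints; the realm must match exactly
    return f"https://{parts.netloc.lower()}{path}"


def build_crm_claims(local_claims):
    """Map local WSO2 claims to the two claims CRM expects.

    Returns (claims, problems); claims is None when any problem was found.
    """
    problems = []
    name = local_claims.get(LOCAL_LOGONNAME_CLAIM)
    upn = local_claims.get(LOCAL_UPN_CLAIM)
    if not name:
        problems.append("missing local logon name claim")
    if not upn:
        problems.append("missing local upn claim")
    elif classify_username(upn) is None:
        problems.append(f"upn value {upn!r} is neither username@domain.com nor DOMAIN\\username")
    if problems:
        return None, problems
    return {CRM_NAME_CLAIM: name, CRM_UPN_CLAIM: upn}, []


def matches_crm_user(crm_claims, crm_usernames):
    """Check the UPN claim against CRM's username list (case-insensitive; an assumption)."""
    wanted = crm_claims[CRM_UPN_CLAIM].lower()
    return any(wanted == existing.lower() for existing in crm_usernames)


def preflight(users, crm_usernames):
    """Run every check over constructed user records; returns {logonname: list of findings}."""
    report = {}
    for user in users:
        claims, problems = build_crm_claims(user)
        if claims is not None and not matches_crm_user(claims, crm_usernames):
            problems = [f"{claims[CRM_UPN_CLAIM]!r} has no matching username in CRM"]
        report[user.get(LOCAL_LOGONNAME_CLAIM, "<no logonname>")] = problems
    return report


# Constructed sample data: three Identity Server users and the CRM organisation's usernames.
SAMPLE_USERS = [
    {LOCAL_LOGONNAME_CLAIM: "alice", LOCAL_UPN_CLAIM: "CONTOSO\\alice"},
    {LOCAL_LOGONNAME_CLAIM: "bob", LOCAL_UPN_CLAIM: "bob@contoso.example"},
    {LOCAL_LOGONNAME_CLAIM: "carol", LOCAL_UPN_CLAIM: "carol"},  # bare name: rejected
]
SAMPLE_CRM_USERNAMES = ["contoso\\alice", "dave@contoso.example"]

if __name__ == "__main__":
    print(normalize_realm("https://crm.contoso.example"))
    for logon, findings in preflight(SAMPLE_USERS, SAMPLE_CRM_USERNAMES).items():
        print(logon, "OK" if not findings else findings)
```

Run it before pointing CRM at the STS: any user listed with findings will either be rejected by the format check or will authenticate at WSO2 and then fail inside CRM because no record carries that username, which is the symptom the page's requirement is meant to prevent.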
...