...


Configuring user stores

Users must exist in the Identity Server before they can authenticate. They can be added manually to the Identity Server or read from an LDAP user store that the Identity Server connects to directly. The only requirements are that each user record in the Identity Server has a username field in the form username@domain.com or DOMAIN\username, which CRM needs in order to log the user in, and that the value of that field exactly matches the username of an existing user in CRM. A value that does not match any CRM user will fail to log in, and a value that matches the wrong CRM user logs the requester in as that user, so the mapping must be exact.

Configuring the service provider

Within WSO2, a service provider must be created to represent the Microsoft Dynamics CRM server that requests tokens. Only two items must be set up in the service provider configuration: the inbound authentication WS-Federation (Passive) configuration and the claim configuration. If CRM is also configured for IFD, a separate service provider must be created for each organization that requests tokens, because CRM uses a distinct URL for each organization.

...

  1. Sign in. Enter your username and password to log on to the Management Console.
  2. Navigate to the Main menu to access the Identity menu. Click Add under Service Providers.
  3. Fill in the Service Provider Name and provide a brief Description of the service provider.
  4. Expand the Inbound Authentication Configuration section, followed by the WS-Federation (Passive) Configuration section.
  5. Enter an appropriate value for the Passive STS Realm, as explained above.
  6. Expand the Claim Configuration section. Claims must be configured so that the token issued by the STS identifies the requester as the correct CRM user. Microsoft Dynamics CRM expects two specific claims to be returned from the STS. They are as follows.

    To return these values from WSO2, map each local WSO2 claim to the corresponding CRM claim URI. For the Subject Claim URI, select the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name claim. This example assumes that http://wso2.org/claims/logonname contains the username field and that https://wso2.claims/upn contains a DOMAIN\username or username@domain.com formatted value that matches a username existing in the CRM organization being accessed.

  7. Click Update.

Configure Microsoft Dynamics CRM

To authenticate against a security token service, CRM expects federation metadata that describes the service: the certificate the STS uses to sign its responses, the passive STS endpoint of the WSO2 server, and the claims the STS offers. A sample file can be downloaded from here. The file must be hosted somewhere the CRM server can reach. Note that the certificate in this file is the trust anchor for the whole federation: CRM will accept any token signed with the corresponding private key, so make sure the file carries the genuine STS signing certificate and is served from a location that cannot be tampered with. For the purposes of testing this scenario, you can add it to the wwwroot folder for easy access; for a production deployment, serve it over HTTPS from the STS host or another trusted location.
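The following script is an added example, not the sample file linked above nor WSO2's or Microsoft's own code. It builds a minimal WS-Federation metadata document of the kind described in this section (signing certificate, passive requestor endpoint, and the two claims the claim configuration step maps for CRM) and then checks a metadata file for those same three facts, which is a useful pre-flight before pointing CRM at it. The host name is.example.com, the realm URL, the /passivests endpoint path and the certificate bytes are assumptions chosen for the example; substitute your STS host, the realm you entered in the service provider, and the actual base64-encoded DER signing certificate from your WSO2 keystore.

```python
"""Build and sanity-check WS-Federation metadata for a passive STS.

Added example; not part of the WSO2 documentation or its sample file.
The host name, realm, endpoint path and certificate are constructed
placeholders (assumptions), not values taken from a real deployment.
"""
import base64
import xml.etree.ElementTree as ET

# Namespaces used by WS-Federation metadata (SAML metadata + wsfed + dsig + wsa).
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "auth": "http://docs.oasis-open.org/wsfed/authorization/200706",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# The two claims Dynamics CRM expects from the STS (the ones the claim
# configuration step maps: name as the subject claim, plus upn).
CRM_CLAIMS = (
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
)

# Constructed placeholder. A real file carries the STS signing certificate
# as base64-encoded DER, exported from the WSO2 keystore.
SIGNING_CERT_B64 = base64.b64encode(b"placeholder-der-certificate-bytes").decode()


def _q(prefix, tag):
    """Clark-notation name for a prefixed tag."""
    return "{%s}%s" % (NS[prefix], tag)


def build_metadata(realm, passive_endpoint, cert_b64, claims=CRM_CLAIMS):
    """Return federation metadata XML (a string) describing the STS."""
    root = ET.Element(_q("md", "EntityDescriptor"), {"entityID": realm})
    role = ET.SubElement(root, _q("md", "RoleDescriptor"), {
        _q("xsi", "type"): "fed:SecurityTokenServiceType",
        "protocolSupportEnumeration": NS["fed"],
    })
    # Signing certificate: the key CRM will trust token signatures from.
    key = ET.SubElement(role, _q("md", "KeyDescriptor"), {"use": "signing"})
    x509 = ET.SubElement(ET.SubElement(key, _q("ds", "KeyInfo")), _q("ds", "X509Data"))
    ET.SubElement(x509, _q("ds", "X509Certificate")).text = cert_b64
    # Claims the STS offers; CRM needs name and upn.
    offered = ET.SubElement(role, _q("fed", "ClaimTypesOffered"))
    for uri in claims:
        ct = ET.SubElement(offered, _q("auth", "ClaimType"), {"Uri": uri, "Optional": "true"})
        ET.SubElement(ct, _q("auth", "DisplayName")).text = uri.rsplit("/", 1)[-1]
    # Where CRM redirects the browser for passive (WS-Fed) sign-in.
    ep = ET.SubElement(role, _q("fed", "PassiveRequestorEndpoint"))
    epr = ET.SubElement(ep, _q("wsa", "EndpointReference"))
    ET.SubElement(epr, _q("wsa", "Address")).text = passive_endpoint
    return ET.tostring(root, encoding="unicode")


def check_metadata(xml_text, expected_claims=CRM_CLAIMS):
    """Parse metadata and report the facts CRM depends on.

    Returns a dict with the signing cert, passive endpoint, offered claim URIs
    and a list of problems (empty when all three requirements are met).
    """
    role = ET.fromstring(xml_text).find("md:RoleDescriptor", NS)
    if role is None:
        return {"cert": "", "endpoint": "", "claims": [], "problems": ["no RoleDescriptor"]}
    problems = []
    if not role.get(_q("xsi", "type"), "").endswith("SecurityTokenServiceType"):
        problems.append("RoleDescriptor is not a SecurityTokenServiceType")
    cert = role.findtext(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
        default="", namespaces=NS).strip()
    if not cert:
        problems.append("no signing certificate")
    else:
        try:
            base64.b64decode(cert, validate=True)
        except ValueError:
            problems.append("signing certificate is not valid base64")
    endpoint = role.findtext(
        "fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address",
        default="", namespaces=NS).strip()
    if not endpoint.startswith("https://"):
        problems.append("passive endpoint missing or not https")
    offered = {ct.get("Uri") for ct in role.findall("fed:ClaimTypesOffered/auth:ClaimType", NS)}
    for uri in expected_claims:
        if uri not in offered:
            problems.append("claim not offered: " + uri)
    return {"cert": cert, "endpoint": endpoint, "claims": sorted(offered), "problems": problems}


if __name__ == "__main__":
    # Assumed values: realm as entered in the WSO2 service provider, and the
    # WSO2 passive STS endpoint on the default 9443 port.
    doc = build_metadata("https://is.example.com/",
                         "https://is.example.com:9443/passivests", SIGNING_CERT_B64)
    print(doc)
    print(check_metadata(doc)["problems"])
```

Run the script against a file you intend to host (read it and pass the text to check_metadata) before restarting CRM: an empty problems list means the certificate, the HTTPS passive endpoint and both required claims are present. The check does not validate the certificate itself; compare the base64 value against the certificate exported from the WSO2 keystore so that CRM trusts only your STS.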

...