CRM 2011 IFD Details

Last Modified: 2012-03-30
Hi

I need an explanation and/or links on how to configure CRM 2011 as an IFD app using ADFS.  I may also need additional details on how it works once I have it configured.

Thanks

Feridun Kadir, Principal Consultant
CERTIFIED EXPERT

Commented:
Have you seen the Microsoft document on how to configure ADFS (claims-based authentication)?

You can get it here, http://www.microsoft.com/download/en/details.aspx?id=3621

Download the file Microsoft Dynamics CRM 2011 and Claims-based Authentication.doc.

Let me know if you need more information.

Author

Commented:
Thanks, I will look over both items that you have recommended.  Once I have it implemented or run into any roadblocks, I will be back with questions.  My real problem is that, once I understand it, I have to explain how ADFS and claims-based authentication work to some developers.

Author

Commented:
Can you tell me how to create a self-signed wildcard certificate when the server (Windows 2008) is using IIS7?  I have searched and received all sorts of information, from "you can't create a self-signed wildcard certificate using IIS7" (it always includes the machine name) to "use selfssl (from IIS6)", but I cannot figure out how to use this tool (there is nothing under my IIS6 Manager).

Thanks for your help.
Feridun Kadir, Principal Consultant
CERTIFIED EXPERT

Commented:
On my system (I have Win 2008), in IIS:
Click on the server name
In Features View under IIS click Server Certificates
In the Actions pane on the right, click Create Self-Signed Certificate

Microsoft do not recommend self-signed certificates for CRM though they can be used.

Author

Commented:
Thanks, tried that but how do I make it a wild card (e.g. *.contoso.com)?  When I add the friendly name, it automatically adds the machine name.  

(Note: this is a test install to become very familiar with the process of IFD/ADFS; in production a certificate would be purchased from a CA.)
Feridun Kadir, Principal Consultant
CERTIFIED EXPERT

Commented:
Ah, yes, IIS cannot generate a wildcard self-signed certificate.

I think you will have to use Active Directory Certificate Services with the certreq command line.
Chinmay Patel, Chief Technology Ninja
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Hi apollo7,

This link demonstrates how you can generate a self-signed wildcard certificate, and you will also see how you can use it for host binding. [You will encounter this issue sooner or later when you are dealing with wildcard certificates :)]
Check: http://blog.mikeobrien.net/2008/09/creating-self-signed-wildcard.html


Regards,
Chinmay.

Author

Commented:
Can either of you tell me if a Domain Signed certificate would work as well as Self Signed cert for testing and setting up a CRM 2011 IFD with ADFS and claims based authentication?
(Since this is a pure test setup, the wildcard cert I want to get to is *.contoso.com)

Also, can someone explain the technical differences between domain signed and self signed (besides that it is a different choice in IIS) or give me a link that explains the differences?

Thanks
Feridun Kadir, Principal Consultant
CERTIFIED EXPERT

Commented:
I'm not sure about domain-signed certificates, but a self-signed certificate is where a host has issued a certificate and signed it. The whole basis of certificates is one of trust. A certificate in this case is used to encrypt web traffic. The trust issue is whether the client machine trusts that the certificate is genuine. A self-signed certificate will not by default be trusted by client PCs.
A third-party certificate issued by Verisign, Go Daddy etc. will by default be trusted by most browsers.
I'm guessing that on an internal network a domain-signed certificate will be trusted by default by client PCs that are part of the domain - but this is a guess.
Chinmay Patel, Chief Technology Ninja
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
A domain-signed certificate is one which is issued by a domain's root Certification Authority. [If you don't have a root CA installed, you can get a third-party certificate as well.]

And yes, feridun is right. Because your domain's root CA is trusted by all domain clients, the certificates issued by the domain root CA are trusted by all clients.
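
The self-signed versus domain-signed difference discussed in the comments above, as an added example that is not part of the original thread. It assumes the OpenSSL command line (the thread itself uses IIS and AD Certificate Services) and a constructed throwaway CA named "Contoso Test Root CA"; it builds both kinds of `*.contoso.com` certificate and checks which one chains to the CA.

```shell
#!/bin/sh
# Added example: constructed names; throwaway keys are written to a temp directory.
set -e
WORK=$(mktemp -d)
cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:*.contoso.com
extendedKeyUsage = serverAuth
EOF
newkey="-newkey rsa:2048 -nodes -config $WORK/openssl.cnf"
# 1. Stand-in for the domain root CA (the role AD CS plays in the thread).
openssl req -x509 $newkey -extensions v3_ca -days 30 \
    -subj "/CN=Contoso Test Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
# 2. Self-signed wildcard: the certificate's own key signs it.
openssl req -x509 $newkey -extensions v3_leaf -days 30 \
    -subj "/CN=*.contoso.com" \
    -keyout "$WORK/self.key" -out "$WORK/self.crt" 2>/dev/null
# 3. Domain-signed wildcard: a CSR for the same name, signed with the root CA key.
openssl req -new $newkey -subj "/CN=*.contoso.com" \
    -keyout "$WORK/dom.key" -out "$WORK/dom.csr" 2>/dev/null
openssl x509 -req -in "$WORK/dom.csr" -days 30 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/openssl.cnf" -extensions v3_leaf \
    -out "$WORK/dom.crt" 2>/dev/null
# True when subject and issuer are the same name (the self-signed case).
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}
# True when the certificate chains to the root CA, as it would on a domain client.
trusted_by_domain() {
    openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1
}
for c in self dom; do
    is_self_issued "$WORK/$c.crt" && i=yes || i=no
    trusted_by_domain "$WORK/$c.crt" && t=yes || t=no
    echo "$c.crt: self-issued=$i trusted-by-domain-clients=$t"
done
```

Both certificates carry the same wildcard name; only the signer differs, and that alone decides whether a client that trusts the root CA accepts them.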

Author

Commented:
Thanks, Chinmay and feridun - I was trying all the options that you suggested and at some point realized that each method needs a root CA.  I didn't know what my root CA was, so after some investigating I discovered the fun of adding and configuring the AD certificate services and creating everything that I need there.

Luckily I came across a very nice video on this, so it is going well.  Then I can circle back to creating a domain signed or self signed certificate.

I will let you know if I have other questions - great learning experience.

Thanks

Author

Commented:
Thanks for the assistance, finally worked through this problem and was helped a great deal by the comments of both of you.
Chinmay Patel, Chief Technology Ninja
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
THANKS!!! Your reply pushed me beyond total of 500K points in Dynamica TA :)
