In Step 1 we looked at configuring the CRM platform with the aid of the Deployment Manager GUI to enable claims-based authentication. In this post we will look at the steps involved in configuring the Relying Party trust in AD FS. Microsoft has provided a detailed guide here. I did find some issues while configuring the claims rule set and will highlight them as we walk through the steps.

1. Create a rule for the Claims Provider trust (Active Directory) for UPN

[Screenshot: Capture1]

Right-click, choose Edit Claims, and then “Add Rule...” in the dialog box.

[Screenshots: Capture1.1, Capture3, Capture4]

Click Finish to add this rule. The Acceptance Transform Rules then look like this:

[Screenshot: Capture2]

2. Create the Relying Party trust: choose Relying Party Trust in the AD FS Management console.

[Screenshots: RPConfigure1 to RPConfigure6, RPConfigure8]

Once the above steps are completed, the Edit Claims Rules dialog box opens, where we configure the rules.

[Screenshots: RPConfigure9 to RPConfigure13, RPConfigure14.1]

Edit the Global Primary Authentication policy to enable Forms Based Authentication.

[Screenshot: AuthenticationPolicy]

Once the above steps are completed, go to DEV-WFE01 and try accessing the CRM organization. I have set up an org called ACM (it could be any name).

https://xrm.dev.local/ACM comes up with the following:

[Screenshot: SigningToSts]

This will redirect to:

https://sts.dev.local/adfs/ls/wia?wa=wsignin1.0&wtrealm=https%3a%2f%2fxrm.dev.local%2f&wctx=rm%3d1%26id%3dc68e12fd-17d4-4b11-aa86-1cd38f8c1784%26ru%3d%252fACM%252fdefault.aspx&wct=2015-11-22T19%3a12%3a23Z&wauth=urn%3afederation%3aauthentication%3awindows

and, once sign-in succeeds, displays the main page of the CRM organization:

[Screenshot: SuccessfulSigningToSts]

This completes configuring claims-based authentication for the Dynamics CRM platform.
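The sign-in redirect shown above, decoded field by field and checked against the values this lab expects. This is an added example, not part of the original post or of Microsoft's guide; the function names, the 300-second skew and the rule that `ru` must be a site-relative path are assumptions made for illustration.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# The redirect URL from the post (lab hosts xrm.dev.local and sts.dev.local).
REDIRECT = (
    "https://sts.dev.local/adfs/ls/wia?wa=wsignin1.0"
    "&wtrealm=https%3a%2f%2fxrm.dev.local%2f"
    "&wctx=rm%3d1%26id%3dc68e12fd-17d4-4b11-aa86-1cd38f8c1784"
    "%26ru%3d%252fACM%252fdefault.aspx"
    "&wct=2015-11-22T19%3a12%3a23Z"
    "&wauth=urn%3afederation%3aauthentication%3awindows"
)

def parse_signin(url):
    """Decode a WS-Federation passive sign-in request into its fields."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query, strict_parsing=True).items()}
    # wctx is opaque to the STS; here the relying party packed a second
    # query string (rm, id, ru) into it, so it is decoded a second time.
    ctx = {k: v[0] for k, v in parse_qs(q.get("wctx", "")).items()}
    issued = datetime.strptime(q["wct"], "%Y-%m-%dT%H:%M:%SZ")
    return {
        "sts_host": parts.hostname,
        "endpoint": parts.path,
        "action": q.get("wa"),
        "realm": q.get("wtrealm"),
        "issued": issued.replace(tzinfo=timezone.utc),
        "auth_type": q.get("wauth"),
        "return_url": ctx.get("ru"),
        "context_id": ctx.get("id"),
    }

def check_signin(req, expected_realm, expected_sts, now, max_skew_s=300):
    """Return findings; an empty list means the request matches the setup."""
    findings = []
    if req["action"] != "wsignin1.0":
        findings.append("wa is not wsignin1.0")
    if req["realm"] != expected_realm:
        findings.append("wtrealm does not match the relying party identifier")
    if req["sts_host"] != expected_sts:
        findings.append("request is not addressed to the expected STS host")
    ru = req["return_url"] or ""
    if not ru.startswith("/") or ru.startswith("//") or "\\" in ru:
        findings.append("ru is not a site-relative path")
    if abs((now - req["issued"]).total_seconds()) > max_skew_s:
        findings.append("wct is outside the allowed clock skew")
    return findings
```

The `wtrealm` value is what AD FS matches against the identifiers on the Relying Party trust, so a mismatch here is the first thing to check when the redirect ends in an AD FS error page instead of the CRM organization.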