Thursday, March 31, 2011 12:07 AMI'm trying to set up a CRM 2011 IFD that will integrate with multiple ADFS 2.0 servers. I've gotten the Claims Based authentication to work with a single ADFS server (located in the same forest as the CRM server), but I need this to work in a way that allows us to accept claims that come from other forests that have ADFS running in them. I'm not entirely certain if this is even possible. Has anyone been able to get this type of setup working? What do I need to do to get this going?
Thursday, March 31, 2011 6:58 PMWell, I answered my own question after some fiddling. I needed to create a claims trust on the CRM domain's ADFS server that pointed to the external domain's ADFS server, and then a Relying party trust on that ADFS server with the CRM ADFS. once that was done (and the CRM Claims setup was refreshed), it let me select which ADFS server to start from. After creating users in CRM based on the UPN of the external domain's users, I was able to get onto CRM using the external domain's credentials. Pretty spiffy.
- Marked As Answer by acbrown2010 Thursday, March 31, 2011 6:58 PM
Tuesday, January 08, 2013 6:57 PM
We're currently facing a similar situation (two domains, CRM 2011 IFD leveraging ADFS instances to authenticate in both domains). We can point CRM to either domain and authenticate local to that domain, despite having setup a Claims Trust and Relying Party Trust between the two ADFS instances, are not able to the external domain ADFS server to show up as a selection option when authenticating in CRM.
Any chance we can get an elaboration on how the Claims Trust and Relying party trust were set up/what claims rules to implement and if there was anything special from the CRM setup side to get this working?
Saturday, January 12, 2013 8:49 AM
@JoshuaC41 - you will probably get more response if you start your own thread and refer back to this one. Lots of regulars filter threads and only visit those which are not yet answered, so they may not even see that this question is here.
If I understand your scenario, you have one ADFS server effectively relaying between CRM and the second domain. Have you tried just typing in the username in the format of domainB\username ? What happens?
Hope this helps.
Adam Vero, Microsoft Certified Trainer | Microsoft Community Contributor 2011
Blog: Getting IT Right