CRM 2011 with multiple ADFS servers

Answered CRM 2011 with multiple ADFS servers

  • Thursday, March 31, 2011 12:07 AM
     
     
    I'm trying to set up a CRM 2011 IFD that will integrate with multiple ADFS 2.0 servers. I've gotten the Claims Based authentication to work with a single ADFS server (located in the same forest as the CRM server), but I need this to work in a way that allows us to accept claims that come from other forests that have ADFS running in them. I'm not entirely certain if this is even possible. Has anyone been able to get this type of setup working? What do I need to do to get this going?

All Replies

  • Thursday, March 31, 2011 6:58 PM
     
     Answered
    Well, I answered my own question after some fiddling. I needed to create a claims trust on the CRM domain's ADFS server that pointed to the external domain's ADFS server, and then a Relying Party trust on that ADFS server with the CRM ADFS. Once that was done (and the CRM Claims setup was refreshed), it let me select which ADFS server to start from. After creating users in CRM based on the UPN of the external domain's users, I was able to get onto CRM using the external domain's credentials. Pretty spiffy.
    • Marked As Answer by acbrown2010 Thursday, March 31, 2011 6:58 PM
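    The two trusts acbrown2010 describes, written out with the ADFS 2.0 PowerShell snap-in, as an added example that is not part of the thread or of any Microsoft guidance; the hostnames and trust names are placeholders, the claim rules shown are one reasonable choice (pass the UPN through unchanged so it can be matched to the CRM user record), and the CRM-side claims configuration wizard still has to be re-run by hand afterwards:

```powershell
# Added example, not from the thread. Hostnames and trust names are placeholders.
# Run each half on the ADFS 2.0 server named in its comment, as an ADFS administrator.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# --- On the CRM domain's ADFS server: trust the external domain's ADFS as a claims provider ---
$externalMetadata = "https://adfs.external.example/FederationMetadata/2007-06/FederationMetadata.xml"
Add-ADFSClaimsProviderTrust -Name "External domain ADFS" -MetadataUrl $externalMetadata `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# Accept the incoming UPN claim unchanged; CRM matches the user on this value,
# so only the UPN is passed through and nothing else from the external STS is trusted.
$upnPassthrough = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);
'@
Set-ADFSClaimsProviderTrust -TargetName "External domain ADFS" -AcceptanceTransformRules $upnPassthrough

# --- On the external domain's ADFS server: register the CRM domain's ADFS as a relying party ---
$crmAdfsMetadata = "https://adfs.crm.example/FederationMetadata/2007-06/FederationMetadata.xml"
Add-ADFSRelyingPartyTrust -Name "CRM domain ADFS" -MetadataUrl $crmAdfsMetadata

# Look up the authenticated user's userPrincipalName in Active Directory and issue it as the UPN claim
$upnFromAd = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send UPN from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"),
          query = ";userPrincipalName;{0}", param = c.Value);
'@
Set-ADFSRelyingPartyTrust -TargetName "CRM domain ADFS" -IssuanceTransformRules $upnFromAd

# Permit-all authorization rule on this trust; tighten to a group claim if only some users should reach CRM
$permitAll = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'
Set-ADFSRelyingPartyTrust -TargetName "CRM domain ADFS" -IssuanceAuthorizationRules $permitAll
```

    After both sides are in place, re-run the CRM Claims-Based Authentication wizard so CRM picks up the new claims provider, and the ADFS sign-in page then offers the external domain as a home realm choice.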
  • Tuesday, January 08, 2013 6:57 PM
     
     

    Hello!

    We're currently facing a similar situation (two domains, CRM 2011 IFD leveraging ADFS instances to authenticate in both domains). We can point CRM to either domain and authenticate locally to that domain, but despite having set up a Claims Trust and Relying Party Trust between the two ADFS instances, we are not able to get the external domain's ADFS server to show up as a selection option when authenticating in CRM.

    Any chance we can get an elaboration on how the Claims Trust and Relying Party Trust were set up, what claims rules to implement, and whether there was anything special on the CRM setup side to get this working?

    Thanks,

  • Saturday, January 12, 2013 8:49 AM
     
     

    @JoshuaC41 - you will probably get more response if you start your own thread and refer back to this one. Lots of regulars filter threads and only visit those which are not yet answered, so they may not even see that this question is here.

    If I understand your scenario, you have one ADFS server effectively relaying between CRM and the second domain. Have you tried just typing in the username in the format domainB\username? What happens?


    Hope this helps.
    Adam Vero, Microsoft Certified Trainer | Microsoft Community Contributor 2011
    Blog: Getting IT Right