Authenticating with client certificates for on-premise CRM 2011 RRS feed

  • Question

  • Hi,

    We have a Java-based application running on JBoss that we wish to connect to an on-premise instance of CRM 2011 using the published SOAP interface.

    All connections from the Java application to CRM will be under a single CRM user.

    We would like to use mutual (2-way) SSL authentication between the JBoss and IIS/CRM server to provide encryption and authentication.

    IIS supports the mapping of a client certificate to a Windows domain account (http://www.iis.net/ConfigReference/system.webServer/security/authentication/iisClientCertificateMappingAuthentication).

    My question is, will CRM successfully perform the requested actions under the user credentials IIS has mapped?  I couldn't find anything to explicitly confirm this out there on www.



    Monday, June 25, 2012 8:51 AM

All replies

  • I know this isn't that helpful, but I'm very interested in what you find.

    I /suspect/ that if you are on-premise, using Active Directory authentication only (NOT claims-based or IFD) you /may/ be able to get this to work. With IFD/claims, though, I haven't had any luck connecting to the web services without configuring and encrypting a user/pw due to the way the credentials are established.

    We have implemented something similar with 2-way TLS for server-server communications between weblogic/apache and CRM but did /not/ use the certificate mapping functionality to try to generate the credentials.

    Wednesday, June 27, 2012 4:57 PM