Planing and implementation of a Claims-based Authentication and IFD Configuration of CRM 2011 RRS feed

  • Question

  • Hello there,

    i have following plan.

    We want to install MS Crm 2011 at a customers Infrastructure.


    He has a Microsoft Forefront Server also Active Directory in use.

    We have one sql server one for crm 2011 available. The customer wants to access the CRM2011 over the internet with outlook and browser.

    So i need to configure a claimes-based authentication and IFD @ CRM 2011


    I have found a few nice blogs which describe the installation of this. Including ADFS 2.0.

    My question here is:

    When the customer has already ADFS 2.0 installed on a server for example on the forefront do i need a second one on the CRM 2011 server?

    If yes any hints where i need to pay attention when i configure this?


    If the customer has none ADFS 2.0 i would install ADFS 2.0 which is needed on the same server where CRM2011 is.

    How do i connect to the Forefront server?


    Would look like this i think:


    User (WAN) -> Forefront -> ADFS2.0 -> CRM 2011


    Hope someone has a few good ideas for me because it seems not so easy to implement IFD on CRM2011


    Thank you!


    Kind regards

    Wednesday, January 11, 2012 8:27 AM

All replies

  • Hi Hurrikane1982,

    I'll try to answer one of your questions, ADFS 2.0 does not need to be installed on the same server CRM 2011 is installed, ADFS 2.0 can be installed on a different server.

    See the Microsoft diagram:


    I would think that if you want to use Forefront and you already have ADFS 2.0 on this server, you would need to make sure CRM 2011 front end on the DMZ can also contact the forefront server.

    Also looking at your diagram user User (WAN) -> Forefront -> ADFS2.0 -> CRM 2011 this should also be possible.

    I hope this helps.


    Visit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com
    Thursday, January 12, 2012 1:55 PM
  • Hey Nrodri,


    thank you for your reply.


    I found this blog entry about using Forefront with ADFS 2.0 and configuring a claims-based authentiaction and configuring IFD for MS CRM 2011.


    As there are no comments on the blog entry about the how-to i only have the option to test it.


    But i think it would be nice when the forum reads the how-to too and maybe gives here a comment about it, if it will work or maybe where I need to pay attention.






    Kind regards

    Thursday, January 12, 2012 2:44 PM