Answered by:
CRM 2011 IFD question

Question
-
Hi folks, i have internal domain company.local, crm server 2011 is running on a machine crm.company.local and Claimbased authentication works fine. Now I am stuck with IFD configuration. Do I need ADFS 2.0 Proxy for accessing my CRM server from the internet? External namespace is company.com, where should I direct my public IP addresses ? All to external interface of ADFS proxy? Can I publish proxy with TMG 2010, or do I have to configure public IPs directly on proxy.
Is there any guide for this configuration? Regards,
Marek
Marek Chmel, WBI Systems (MCTS, MCITP, MCT, CCNA)Thursday, December 22, 2011 8:08 AM
Answers
-
You may find the following links helpful:
http://blogs.msdn.com/b/crm/archive/2011/01/13/configuring-ifd-with-microsoft-dynamics-crm-2011.aspx
http://www.microsoft.com/download/en/details.aspx?id=3621 (look for the link to claims-based authentication)
I'm not aware that you need the ADFS 2.0 proxy, just ADFS 2.0. But I guess this depends on the configuration of your network.
- Marked as answer by Marek ChmelMVP Tuesday, January 3, 2012 4:55 PM
Thursday, December 22, 2011 12:52 PMModerator
All replies
-
You may find the following links helpful:
http://blogs.msdn.com/b/crm/archive/2011/01/13/configuring-ifd-with-microsoft-dynamics-crm-2011.aspx
http://www.microsoft.com/download/en/details.aspx?id=3621 (look for the link to claims-based authentication)
I'm not aware that you need the ADFS 2.0 proxy, just ADFS 2.0. But I guess this depends on the configuration of your network.
- Marked as answer by Marek ChmelMVP Tuesday, January 3, 2012 4:55 PM
Thursday, December 22, 2011 12:52 PMModerator -
Thanks for the links, but still they dont explain the configuration of adfs and adfs proxy (and possible TMG publishing).
In all the guides the ad domain name space is the same like external name space and there is usually no firewall in place.
Anyone has some idea?
Marek Chmel, WBI Systems (MCTS, MCITP, MCT, CCNA)Monday, December 26, 2011 4:46 PM -
Hi Marek,
Please go through the implementation manual to configure IFD and check this link to create and publish web rules in TMG.
http://www.dynamicsexchange.com/Blogs/user.aspx?Tableid=285
Regards,
Khaja Mohiddin|||||http://www.dynamicsexchange.com/Tuesday, December 27, 2011 9:58 AM -
There is hardly anything usefull in all the impl guides - Im stuck with a simple questing / deisng consideration.
Internal domain name - company.local
External name - company.com
Claimbased works fine for crm.company.local
Do I / Dont I need a ADFS proxy to allow access to my CRM externaly (would like to use auth.company.com or whatever else).
I have setup a adfs proxy (trust estabilished OK) but when i try to add a relying party trust i got a 403 error (name auth.company.com has an IP of the ADFS Proxy, is that correct?)
Topology
Marek Chmel, WBI Systems (MCTS, MCITP, MCT, CCNA)Wednesday, December 28, 2011 3:42 PM -
Marek, you do not need an adfs proxy to access crm 2011 externally using IFD. You only need ADFS and the two sets of relying party rules, one for internal access and one for external access.
I fount the document at this location http://www.microsoft.com/download/en/details.aspx?id=3621 (look for the link to claims-based authentication) to be helpful.
Tuesday, January 3, 2012 4:11 PMModerator