locked
SSO for CRM 2013 without ADFS RRS feed

  • Question

  • Hello all,

    I am trying to use a token and generate a session (cookies) for accessing CRM from another site (portal/platform).

    I had this HttpModule prepared for the impersonation, but CRM's application pool runs in Classic mode and I get an error saying that the code on the module must be run in integrated mode. As a note, the first authentication (in the platform) is not WindowsAuthentication.

    What would be the best approach for creating the windows identity principal and access CRM?

    I am currently trying to put a 'proxy' site which would handle the token received and generate the windows identity, then call the CRM with the session created, but there must be a missing step since I still get the popup to enter credentials.

    I've read that using redirect (which I'm using for calling the CRM site) disregards the previous session, but I dont really know how to reach the CRM site.

    Thanks,

    Florin

    Friday, April 10, 2015 12:18 PM

All replies

  • Bump?
    Wednesday, April 15, 2015 10:59 AM
  • I think the only supported way to do SSO with CRM are:

    • The (relatively) trivial where you use Windows Authentication, and the browser automatically logs the user on. Mentioned for completeness, but not relevant here, as you say you're not using Windows Authentication
    • Use Claims authentication, using either ADFS or an alternate token service. There's very little documentation on how to do this other than with ADFS, but I think this is probably the route you'd have to take.

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Wednesday, April 15, 2015 2:06 PM
    Moderator
  • Thanks for your reply, David, but I'd rather not use claims.

    I'll play some more with this proxy site and see if I come to a conclusion.


    Friday, April 17, 2015 7:15 AM
  • The only supported authentication options for OnPremise are Windows Authentication or Claims Authentication, so if you're not using Windows Authentication, then Claims is your only option

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Friday, April 17, 2015 12:23 PM
    Moderator