The Service account should received token from the KDC if you set it to relay and trust in the Active Directory.
CRM can't issue token, only the KDC can assign a token for both online and on-premise.
Then CRM can use the token to
Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question.
Thanks for the reply. I found that ADFS (Active Directory Federation Services) setup is needed and I also found that Active Directory means it will use PC logged in user credentials (Windows credentials), but I don't want it to use Windows credentials. What
I want is on authentication to MS CRM in our application MS CRM should provide access key or secret key and this key I should be able to use in my another application to access the data from MS CRM without the need of re-authentication.
e.g. Consider I have two different web applications, one is for administrator and second is for users. Only administrator can authenticate to MS CRM via his web application and on authentication MS CRM should provide some keys that I store in our global
database. Users use their web applications and use this key stored in the global database to access data from MS CRM without the need of authentication by users. So users can access data just by using the keys. I want to implement this feature in my application.