I just configured claims-based authentication, which works, and now I've set up a federated trust to another federated domain (PSW.COM) using the instructions in the Microsoft whitepaper, but I'm struggling to add users from PSW.com.
I've tried PSW\username, username and username@psw.com but none seem to work.
Which on second re-reading of this http://social.microsoft.com/Forums/is/crm/thread/639b4fb5-172c-4c63-b095-addb847443d8 would suggest that I've done something wrong.
The bit I'm not 100% sure about is this one, setting up the federated trust:
On the partner company’s federation server, create a relying party trust for the AD FS 2.0 server used with Microsoft Dynamics CRM Server 2011. Use the following settings:
- Data Source: the path to the AD FS 2.0 server used with Microsoft Dynamics CRM Server 2011 federation data.
- Rule type: Issuance Transform Rules
- Claim rule template: Send LDAP Attributes as Claims
- Claim rule name: LDAP UPN --> Claim UPN (or something descriptive)
- LDAP Attribute: User-Principal-Name
- Outgoing Claim Type: UPN
Which URL should I use here, AD FS 2.0 or CRM? I mean this https://adfs.com/federationmetadata/2007-06/federationmetadata.xml or https://crm.com/federationmetadata/2007-06/federationmetadata.xml
TIA
Musings on Information Technology
edit:
Forgot to add that the error on the trace log is rather unhelpful: Unable to find user user@psw.com under the AD root path or Unable to get find user psw\user: System.Runtime.InteropServices.COMException (0x8007052E): Logon failure: unknown user name or bad password.
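The whitepaper steps quoted in the post, scripted with the AD FS 2.0 PowerShell snap-in on the partner's federation server. This is an added example, not part of the original post or the whitepaper. The host name and trust name are placeholders, and the data source follows the quoted wording ("the AD FS 2.0 server used with Microsoft Dynamics CRM Server 2011").

```powershell
# AD FS 2.0 ships its cmdlets as a snap-in rather than a module.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

# Placeholders (assumptions): federation metadata of the AD FS 2.0 server
# used with CRM, and a display name for the trust.
$metadataUrl = 'https://adfs.example.com/federationmetadata/2007-06/federationmetadata.xml'
$trustName   = 'CRM AD FS (placeholder name)'

# Claim rule language equivalent of the template
# "Send LDAP Attributes as Claims": User-Principal-Name -> UPN.
$transformRules = @'
@RuleName = "LDAP UPN --> Claim UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"),
          query = ";userPrincipalName;{0}", param = c.Value);
'@

# The wizard's "Permit all users" choice adds this authorization rule.
# A trust created from PowerShell has none unless it is passed explicitly,
# and a trust with no permit rule issues no tokens.
$authRules = @'
@RuleName = "Permit all users"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-ADFSRelyingPartyTrust -Name $trustName `
    -MetadataUrl $metadataUrl `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authRules

# Confirm what was stored: the identifier comes from the metadata document,
# and both rule sets should be non-empty.
Get-ADFSRelyingPartyTrust -Name $trustName |
    Format-List Name, Identifier, Enabled, IssuanceTransformRules, IssuanceAuthorizationRules
```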