Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Deploy CRM ADFS with SSL and HTTP RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    We deployed ADFS on the same server as CRM server according to microsoft guidelines, so now the webservices are accessed like this:

    https://orgname.fqdn.com:444/orgname/XRMServices/2011/Organization.svc?wsdl (Internet Facing Deployment URL)

    Can I still provide access to Web Services with HTTP like this?

    http://orgname.fqdn.com:5555/orgname/XRMServices/2011/Organization.svc?wsdl

    Or if I use one option I can not use the other one?

    Many thanks

    Monday, January 21, 2013 9:50 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    From the 'Microsoft Dynamics CRM 2011 and Claims-base Authentication Guide':

    Microsoft Dynamics CRM Server 2011 and AD FS 2.0 conditions

    Before you configure claims-based authentication, note the following conditions for the Web components:

    • If you are installing Microsoft Dynamics CRM Server 2011 in a single server configuration, be aware that AD FS 2.0 installs on the default Web site. Therefore, you must create a new Web site for Microsoft Dynamics CRM Server 2011.
    • Before you enable claims-based authentication, Microsoft Dynamics CRM Server 2011 must be running on a Web site that has been configured to use Secure Sockets Layer (SSL). Microsoft Dynamics CRM Server Setup will not configure the Web site for SSL.
    • Microsoft Dynamics CRM Server 2011 must be running on a Web site that has a single binding. Multiple IIS bindings, such as a Web site with two HTTPs or two HTTP bindings, are not supported for running Microsoft Dynamics CRM Server 2011.
    • When claims-based authentication is enabled, HTTPS must be used in your browser for both internal and external access to Microsoft Dynamics CRM Server 2011

    To paraphrase; once CRM 2011 is enabled for Claims Based Authentication via ADFS 2.0, you can access CRM ONLY via a single, HTTPS binding.

    --pogo (pat) @ pogo69.wordpress.com

    Tuesday, January 22, 2013 5:55 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Are you wanting to simply sign in through IE or will you be connecting through Outlook, Adapters, etc.

    If you simply want to login with IE you can just fine as long as you dont remove the http binding off the CRM Website.

    Monday, January 21, 2013 10:20 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    From the 'Microsoft Dynamics CRM 2011 and Claims-base Authentication Guide':

    Microsoft Dynamics CRM Server 2011 and AD FS 2.0 conditions

    Before you configure claims-based authentication, note the following conditions for the Web components:

    • If you are installing Microsoft Dynamics CRM Server 2011 in a single server configuration, be aware that AD FS 2.0 installs on the default Web site. Therefore, you must create a new Web site for Microsoft Dynamics CRM Server 2011.
    • Before you enable claims-based authentication, Microsoft Dynamics CRM Server 2011 must be running on a Web site that has been configured to use Secure Sockets Layer (SSL). Microsoft Dynamics CRM Server Setup will not configure the Web site for SSL.
    • Microsoft Dynamics CRM Server 2011 must be running on a Web site that has a single binding. Multiple IIS bindings, such as a Web site with two HTTPs or two HTTP bindings, are not supported for running Microsoft Dynamics CRM Server 2011.
    • When claims-based authentication is enabled, HTTPS must be used in your browser for both internal and external access to Microsoft Dynamics CRM Server 2011

    To paraphrase; once CRM 2011 is enabled for Claims Based Authentication via ADFS 2.0, you can access CRM ONLY via a single, HTTPS binding.

    --pogo (pat) @ pogo69.wordpress.com

    Tuesday, January 22, 2013 5:55 AM
  • Question
    Sign in to vote
    1
    Sign in to vote

    I think what that is saying is that you cannot have two HTTP binding or two HTTPS bindings on the same site. I can confirm that you can have a HTTP and a HTTPS binding on the same CRM Website with no issues if CRM and ADFS are on different servers. I have not tested when having ADFS and CRM on the same server but I wouldn't see why it wouldn't work as long as you configure you Outlook Client, Email Router and other connectors to point to the URL you have specified in Deployment Manager

    Tuesday, January 22, 2013 8:01 PM