locked
Single Sign On between Dynamics NAV 2015 and SharePoint Online (Azure Active Directory) RRS feed

  • Question

  • Hello everyone,

    My main goal relating to this problem is that I want to integrate SharePoint Online, hosted on the cloud not on premise, with Dynamics NAV 2015, also hosted on the cloud on an Azure VM. I believe the best way to do this is by taking the steps on the following guide:

    https://msdn.microsoft.com/en-us/library/dn271706(v=nav.80).aspx

    It is definitely a helpful guide, but I'm confused on certain parts. In particular, in order to obtain Single Sign On (SSO) which is a necessary step the guide refers to this sub-guide:

    https://msdn.microsoft.com/en-us/library/dn414569(v=nav.80).aspx

    On this sub-guide is a section titled "Configuring Microsoft Dynamics NAV Server for Azure AD". I have been able to figure the rest out just fine, but this section is very confusing. I'm stuck at the part where it mentions the following:

    "To configure SOAP and OData web services for Azure AD authentication, in the Microsoft Dynamics NAV Server configuration, you must specify the App ID URI that is registered for Microsoft Dynamics NAV in the Azure AD. The App ID URI is typically the same as the wtrealmparameter value of the ACSUri setting in the configuration files for the Microsoft Dynamics NAV Web client and Microsoft Dynamics NAV Windows client."

    I honestly do not understand what it is trying to tell me. I am new to NAV and Azure AD, and I can't tell if it wants me to make an App in Azure AD then enter that value somewhere into NAV, or if NAV should supply me with information to put into AD, etc. It mentions the 'ACSUri' and 'wtrealmparameter' values but I cannot find either one in any of the configuration files I've looked at.

    If anyone has more insight into this process or a better guide than what Microsoft has provided I would be very grateful. Please let me know if I didn't put enough information down or if I'm missing a key detail. I'm basically just trying to follow the guide provided, but can't parse the information well enough. Thank you in advance for taking a look!

    Monday, July 6, 2015 4:30 PM

All replies

  • I'll continue to update this page as I find more information in case it helps someone in the future.

    Currently I realized that I was testing in a 2013 R2 server instance instead of 2015. In 2013 R2 those parameters simply do not exist. In 2015 they can be located in the web.config file which should be located on this path: ‪C:\inetpub\wwwroot\DynamicsNAV80\web.config

    However the value for the ACSUri parameter is blank.

    In the config file it offers the following hints:

    Specifies the sign-in page that Microsoft Dynamics NAV redirects to when configured for Single Sign-On.     

    For Azure AD (Office 365) authentication, the ACSUri setting has the following format:           

    https://login.windows.net/<AAD TENANT ID>/wsfed?wa=wsignin1.0%26wtrealm=<APP ID URI>         

    Where           

    "<AAD TENANT ID>" is the ID of the Azure AD tenant, for example "CRONUSInternationLtd.onmicrosoft.com".

    Use "common" if the application  is configured as a multitenant Azure AD application.

    "<APP ID URI>" is the ID that was assigned to the Microsoft Dynamics NAV application when it was registered in Azure AD, for example "https://localhost/".

    Once I am able to upgrade my test server to 2015 I will give this a try. I believe I need to create a fresh app in Azure AD, as there is no default NAV app available from what I can see. My only confusion comes from the first quoted text in a prior post:

    "The App ID URI is typically the same as the wtrealmparameter value of the ACSUri setting in the configuration files for the Microsoft Dynamics NAV Web client and Microsoft Dynamics NAV Windows client."

    I believe this is worded poorly. It looks like it is trying to say that 'App ID URI' = 'wtrealm' WITHIN the ACSUri setting. I will act upon that assumption and see what happens.

    Tuesday, July 7, 2015 1:34 PM