CRM 2011 and Multiple ADFS providers - how to default a provider? RRS feed

  • Question

  • We have set up external federation with a secondary ADFS server on a test domain, and it works, but I am wondering if there is some way to tell CRM 2011 which ADFS server to use?

    For example, right now, the first time I log in to CRM, I am presented with a dropdown list of ADFS servers, and I have to select which one I would like to authenticate with. I would like to pass the 'whr' parameter in the querystring like this https://internalcrm.domain.com/org?whr=[homerealm] but CRM errors every time, even if I set the 'DisableParameterFilter' registry key (which does allow custom parameters in other places in CRM)

    [see http://blog.torresdal.net/CommentView,guid,D6640096-9C34-4B47-92C8-6CDAC5AB9AAE.aspx for some info on the whr parameter.]

    This is not a huge problem for users, as when you select a value once, it 'remembers' your selection via coo

    kie, but there are two potential issues that lead me to trying to specify the correct realm via URL instead of having ADFS present the dropdown.

    1. If you don't want users from external domains to see the list and have to choose the right value

    2. If you are creating integration applications and want to specify the correct authentication provider for the app.

    Does anyone have any more information or success using the 'whr' parameter with CRM 2011 to specify a default ADFS provider and skip the dropdown list?



    • Edited by Ken Heiman Thursday, September 8, 2011 4:49 PM
    Thursday, September 8, 2011 4:48 PM

All replies

  • I haven't been able to verify it yet, but I THINK this is the answer - as a wise person once said 'RTFM' - straight from the Claims-Based CRM Guide

    Ø  Use a sample administrative template (.adm) file

    Modify the following sample data to create an .adm file to use group policy to publish the HomeRealmUrl registry setting.


    CATEGORY "Microsoft Dynamics CRM"

            KEYNAME "Software\Policies\Microsoft\MSCRMClient"

            POLICY "Home Realm URL"

                            EXPLAIN "Allow Administrator to specify the Home Realm URL for federated domains."

                            PART "Specify Home Realm URL (example: https://adfs.contoso.com/adfs/services/trust/mex" EDITTEXT REQUIRED

                                            VALUENAME "HomeRealmUrl"

                            END PART

            END POLICY



    Friday, September 30, 2011 6:47 PM