Online Federated authentication with CRM 2013 Online with Office 365

  • Question

  • Hi,

    Our client is using CRM 2013 Online with 365 and we have a SmartClient app that needs to authenticate with CRM using federated authentication. The AD users are synchronized with O365 using PingFederate. While researching I found this MSDN article which details various authentication scenarios. For OnlineFederated authentication it states to uncomment the line within the GetCredentials method that passes the user's principal name instead of username and password. Below are the code modifications I did:

    Original code:

    // For Federated and OnlineFederated environments.
    authCredentials.ClientCredentials.UserName.UserName = _userName;
    authCredentials.ClientCredentials.UserName.Password = _password;
    // For OnlineFederated single-sign on, you could just use current UserPrincipalName instead of passing user name and password.
    // authCredentials.UserPrincipalName = UserPrincipal.Current.UserPrincipalName;  // Windows Kerberos

    Updated code:

    //authCredentials.ClientCredentials.UserName.UserName = _userName;
    //authCredentials.ClientCredentials.UserName.Password = _password;
    // For OnlineFederated single-sign on, you could just use current UserPrincipalName instead of passing user name and password.
    authCredentials.UserPrincipalName = userPrincipalName;  // Windows Kerberos
    if (endpointType == AuthenticationProviderType.OnlineFederation)
    {
        //IdentityProvider provider = service.GetIdentityProvider(authCredentials.ClientCredentials.UserName.UserName);
        IdentityProvider provider = service.GetIdentityProvider(authCredentials.UserPrincipalName);
        if (provider != null && provider.IdentityProviderType == IdentityProviderType.LiveId)
        {
            authCredentials.SupportingCredentials = new AuthenticationCredentials();
            authCredentials.SupportingCredentials.ClientCredentials =
                Microsoft.Crm.Services.Utility.DeviceIdManager.LoadOrRegisterDevice();
        }
    }

    And now I am getting this error and not sure how to get past that...

    "Value cannot be null.

    Parameter name: authenticationCredentials.SecurityTokenResponse"

    Has anyone got this code working or has any feedback on how to get this working?

    /Ashar


    Friday, May 9, 2014 11:22 PM