Dynamics CRM Plugin Registration Tool and Unified Service Desk(USD) Client in Federated IFD environment

I am sharing some useful information for CRM IFD environments where users could be from the same Active Directory Domain as the CRM/ADFS deployment or users may reside in a partner organization where there is federation trust between the Resource ADFS server and the User ADFS sever. Here is a pictorial presentation how federation Trust is configured.

Figure 1: Contoso Inc. has an IFD enabled CRM deployment with a Federation Trust configuration that allows AWC Inc (Adventure Works Cycles) users access to Contoso CRM deployment.

For other Active clients like the CRM for Outlook, this would be handled by HomeRealmUrl Registry value referenced at this TechNet page. For SDK clients like the Plugin Registration Tool (PRT) and the Unified Service Desk (USD) Client, the HomeRelamURL is specified in the Home Realm store XML configuration file.

The HomeRealmsStore.XML file should be in the same folder as the exe file for the client. The HomeRealmsStore.xml file should point to federated STS MEX (WS-MetadataExchange) endpoint. I was able to get the PRT working for a user from a federated domain by providing the metadata exchange endpoint URI of federated STS in the below XML.

Figure 2: HomeRealmstore.xml file pointing to mex endpoint of AWC STS.

With this file in same folder as the PRT(PluginRegistration.exe), PRT gives an option to authenticate against the federated STS like the below screenshot gives the “AWC STS” option in the Authentication Source dropdown.

 Figure 3: Plugin Registration Tool Login dialog box.

Hope you find this helpful! Thank you!

Bhavesh Shastri