I am sharing some useful information for CRM IFD environments where users could be from the same Active Directory domain as the CRM/ADFS deployment, or may reside in a partner organization where there is a federation trust between the resource ADFS server and the user ADFS server. Here is a pictorial representation of how the federation trust is configured.
Figure 1: Contoso Inc. has an IFD enabled CRM deployment with a Federation Trust configuration that allows AWC Inc (Adventure Works Cycles) users access to Contoso CRM deployment.
For other active clients such as CRM for Outlook, this is handled by the HomeRealmUrl registry value referenced at this TechNet page. For SDK clients such as the Plugin Registration Tool (PRT) and the Unified Service Desk (USD) client, the HomeRealmUrl is specified in the home realm store XML configuration file.
The HomeRealmsStore.xml file should be in the same folder as the client's exe file and should point to the federated STS MEX (WS-MetadataExchange) endpoint. I was able to get the PRT working for a user from a federated domain by providing the metadata exchange endpoint URI of the federated STS in the XML below.
Figure 2: HomeRealmsStore.xml file pointing to the MEX endpoint of the AWC STS.
With this file in the same folder as the PRT (PluginRegistration.exe), the PRT offers an option to authenticate against the federated STS: in the screenshot below, “AWC STS” appears in the Authentication Source dropdown.
Figure 3: Plugin Registration Tool Login dialog box.
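The client authenticates against whatever endpoint HomeRealmsStore.xml names, so it is worth reviewing the file before placing it beside PluginRegistration.exe. The check below is an added example, not code from the original post or the CRM SDK; the host allowlist, the `/mex` path test (the ADFS default path) and the sample's element names are assumptions and do not reflect the real file schema.

```python
"""Schema-agnostic review of the URIs in a HomeRealmsStore.xml file (added example)."""
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: hosts of the STS servers you federate with. Placeholder value.
EXPECTED_STS_HOSTS = {"sts.awc.example"}


def find_uris(xml_data):
    """Return every element text or attribute value that looks like an absolute URI."""
    root = ET.fromstring(xml_data)  # raises ParseError on malformed XML
    values = []
    for elem in root.iter():
        values.append(elem.text or "")
        values.extend(elem.attrib.values())
    return [v.strip() for v in values if "://" in v]


def review_uri(uri, expected_hosts=EXPECTED_STS_HOSTS):
    """Return the problems found for one endpoint URI; an empty list means it passes."""
    parts = urlsplit(uri)
    problems = []
    if parts.scheme.lower() != "https":
        problems.append("not https")
    if (parts.hostname or "").lower() not in expected_hosts:
        problems.append("host not in expected STS list")
    # Assumption: the MEX endpoint path ends in /mex, as on a default ADFS server.
    if not parts.path.rstrip("/").lower().endswith("/mex"):
        problems.append("path does not end in /mex")
    return problems


def review_store(xml_data, expected_hosts=EXPECTED_STS_HOSTS):
    """Map each URI found in the file to its list of problems."""
    uris = find_uris(xml_data)
    if not uris:
        return {"<no URIs found>": ["file contains no endpoint URI"]}
    return {u: review_uri(u, expected_hosts) for u in uris}


# Constructed sample; element names are placeholders, not the real file schema.
SAMPLE = """<Realms>
  <Realm name="AWC STS"><Endpoint>https://sts.awc.example/adfs/services/trust/mex</Endpoint></Realm>
  <Realm name="Other"><Endpoint>http://login.other.example/adfs/ls/</Endpoint></Realm>
</Realms>"""

if __name__ == "__main__":
    # Read the file as bytes so a BOM or an encoding declaration is handled by the parser.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for uri, problems in review_store(data).items():
        print(uri, "->", "; ".join(problems) or "ok")
```

Run it with the path to the file as the only argument; without an argument it reviews the constructed sample.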
Hope you find this helpful! Thank you!
Hi Bhavesh,
I tried to do the same, as I am not able to connect my CRM, which is IFD using ADFS, to the Plugin Registration Tool.
I created the HomeRealmstore.xml file with the same configuration as you have specified, but I am not getting the option "AWC STS" in the Plugin Registration Tool window.
Can you tell me what can be missing?
It could be that the XML file is not being read as expected to identify the HomeRealmUrl. I can think of checking the file system calls for the XML file by the Plugin Registration Tool, maybe with procmon, to validate that the file read is normal.