Breaking news from around the world
Get the Bing + MSN extension
Now Available in Community - MBAS 2019 Presentation Videos
Catch the most popular sessions on demand and learn how Dynamics 365, Power BI, PowerApps, Microsoft Flow, and Excel are powering major transformations around the globe. | View Gallery
2019 release wave 2 Discover the latest updates to Dynamics 365Release overview guides and videos Release Plan | Early Access Availability
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Talent TechTalks | Upcoming TechTalks
I am sharing some useful information for CRM IFD environments where users could be from the same Active Directory Domain as the CRM/ADFS deployment or users may reside in a partner organization where there is federation trust between the Resource ADFS server and the User ADFS sever. Here is a pictorial presentation how federation Trust is configured.
Figure 1: Contoso Inc. has an IFD enabled CRM deployment with a Federation Trust configuration that allows AWC Inc (Adventure Works Cycles) users access to Contoso CRM deployment.
For other Active clients like the CRM for Outlook, this would be handled by HomeRealmUrl Registry value referenced at this TechNet page. For SDK clients like the Plugin Registration Tool (PRT) and the Unified Service Desk (USD) Client, the HomeRelamURL is specified in the Home Realm store XML configuration file.
The HomeRealmsStore.XML file should be in the same folder as the exe file for the client. The HomeRealmsStore.xml file should point to federated STS MEX (WS-MetadataExchange) endpoint. I was able to get the PRT working for a user from a federated domain by providing the metadata exchange endpoint URI of federated STS in the below XML.
Figure 2: HomeRealmstore.xml file pointing to mex endpoint of AWC STS.
With this file in same folder as the PRT(PluginRegistration.exe), PRT gives an option to authenticate against the federated STS like the below screenshot gives the “AWC STS” option in the Authentication Source dropdown.
Figure 3: Plugin Registration Tool Login dialog box.
Hope you find this helpful! Thank you!
Could be XML file is not read as expected to identify the homerealmurl. I can think checking the file system calls for the xml file by plugin registration tool, may be procmon to validate file read is normal.
Hi Bhavesh ,
I tried to do the same as i am not able to connect my CRM which is IFD using ADFS to Plugin registration tool.
i created the HomeRealmstore.xml file with same configuration as you have specified but i am not getting the option "AWC STS" in Plugin Registration Tool window.
can you tell me what can be missing ?
Business Applications communities