Dynamics CRM Integration Guide

Prerequisites

The following must be installed and configured in order to complete the configuration:

  • Install (in your JDK) the Unlimited Strength Java™ Cryptographic Extension (JCE) Policy Files in order to use the AES-256 encryption algorithm used by Dynamics CRM.

  • Install PingFederate 6.11 or higher.

    If you need to support active clients, such as native desktop applications, for use with Dynamics CRM, ensure that PingFederate is installed with a license that enables the WS-Trust Security Token Service (STS).

  • Obtain two certificates for use by PingFederate and Dynamics CRM to establish trust between the two services. The first certificate is an encryption certificate that encrypts data between PingFederate and Dynamics CRM. The second certificate is a signing certificate used to digitally sign the SAML assertions returned from PingFederate.

  • Configure a connection to the Active Directory LDAP data store (see Configuring an LDAP Connection).

  • Configure the HTML Form IdP Adapter with an LDAP Username Password Credential Validator (see Configuring the HTML Form IdP Adapter).

  • If you are configuring the connection for active federation, install and configure the Username Token Translator 1.1 (or higher) to use LDAP bind as the processing scheme with the Active Directory LDAP data store created above. Contact Ping Identity support for information about this plug-in.

    For PingFederate 7.2 or higher, Username Token Processor is part of the product and does not require a separate download or installation.

  • In order for the connector to work properly, you must configure PingFederate to "Omit Line Breaks in Digital Signatures" by adding the following Java startup option to your run.sh, run.bat, and/or PingFederateService.conf file:

    -Dorg.apache.xml.security.ignoreLineBreaks=true

  • For this release, Microsoft Dynamics CRM 2011 was tested for active login with Microsoft Office™ Outlook versions 2007 or later.
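
One way to confirm that the ignoreLineBreaks startup option listed in the prerequisites is set on an active (uncommented) line of each startup file. This is an added example, not part of the original guide or Ping Identity's code; the function names, status codes and sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Ping Identity code): check that a PingFederate startup
# file passes -Dorg.apache.xml.security.ignoreLineBreaks=true on an active line.
OPT='-Dorg.apache.xml.security.ignoreLineBreaks'

# Print non-comment lines that mention the option. Comment styles handled:
# '#' (run.sh, PingFederateService.conf) and 'rem' / '::' (run.bat).
active_option_lines() {
    grep -v -i -E '^[[:space:]]*(#|::|rem([[:space:]]|$))' "$1" | grep -F -- "$OPT"
}

# Exit status: 0 = set to true, 1 = not set on any active line,
# 2 = set to something other than true, 3 = file not readable.
check_ignore_linebreaks() {
    [ -r "$1" ] || return 3
    lines=$(active_option_lines "$1") || return 1
    if printf '%s\n' "$lines" | grep -F -v -q -- "${OPT}=true"; then
        return 2
    fi
    return 0
}

# Write constructed sample files into directory $1 (contents are illustrative
# assumptions, not copies of the shipped PingFederate scripts).
write_samples() {
    printf '%s\n' 'JAVA_OPTS="$JAVA_OPTS -Dorg.apache.xml.security.ignoreLineBreaks=true"' > "$1/good.sh"
    printf '%s\n' '# JAVA_OPTS="$JAVA_OPTS -Dorg.apache.xml.security.ignoreLineBreaks=true"' > "$1/commented.sh"
    printf '%s\r\n' 'rem set JAVA_OPTS=%JAVA_OPTS% -Dorg.apache.xml.security.ignoreLineBreaks=true' > "$1/commented.bat"
    printf '%s\n' 'wrapper.java.additional.9=-Dorg.apache.xml.security.ignoreLineBreaks=false' > "$1/wrong.conf"
}

# Usage: sh check.sh /path/to/run.sh /path/to/PingFederateService.conf ...
for f in "$@"; do
    rc=0; check_ignore_linebreaks "$f" || rc=$?
    echo "$f: status $rc"
done
```

A status of 1 or 2 on the file that actually launches PingFederate means the JVM starts without the option, even if another startup file has it.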