Page created: 24 Jul 2019
|
Page updated: 8 Feb 2022
| 1 min read
Microsoft Dynamics CRM Other Documents Integrations Language English Integration Content Type Product documentation Audience Administrator
- Access the Dynamics CRM server.
-
If Dynamics CRM is configured for token signature validation, run mmc.exe and
attach the Certificates (Local Computer) Snap-in.
Import the signature verification certificate used in PingFederate or the certificate’s CA certificate into the appropriate certificate store. See Enabling ADFS 2.0 Token Signing for more information on token signature validation.
- If WS-Trust STS was configured for the CRM connection in PingFederate, import the encryption certificate used in PingFederate (see Select WS-Trust encryption algorithm) along with the certificate’s private key into the Dynamics CRM server’s personal certificate store. The Dynamics CRM server searches this store when configuring claims-based authentication.
- On the Dynamics CRM server, run the Microsoft Dynamics CRM Deployment Manager.
- Select Configure Claims-based Authentication and click Next.
-
Enter the following URL for the Federation metadata URL and click
Next:
https://<pf_host>:<pf_port>/pf/federation_metadata.ping?PartnerSpId=<SPConnectionID>&forceIssuedTokenPolicy
where:
- <pf_host> is the host name or IP address where PingFederate is running.
- <pf_port> is the port number for PingFederate.
- <SPConnectionID> is the ID for the PingFederate SP Connection you
configured above – for example,
https://ping.crm.com/default.aspx
Note: If an error appears stating that the Federation URL is unavailable, add PingFederate’s server certificate (signed by the domain controller) to the Dynamics CRM server to establish trust with PingFederate’s SSL server certificate. - When prompted for the encryption certificate, use the same certificate shared with PingFederate (see Select WS-Trust encryption algorithm).
- Save the configuration and run iisreset from the command line so the Dynamics CRM server recognizes the changes.