Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Step-by-step guide

 

...

Content by Label
showLabelsfalse
max5
spacesKB
sortmodified
showSpacefalse
reversetrue
typepage
labelskb-how-to-article

DNS Configuration

The implementation of claims based authentication for both internal and external access to a CRM server requires the following URLs:

  • Security Token Service(STS) URL, e.g. sts.yourdomain.com
  • External URL,e.g. external.yourdomain.com
  • Internal URL, e.g. internal.yourdomain.com
  • Internet Facing Deployment(IFD) URL, e.g. auth.yourdomain.com
  • Discovery Service URL, e.g. dev.yourdomain.com

The Security Token Service URL is the URL of your ADFS server, and the other URLs should all resolve to your CRM server.

Certificate

Claims based authentication is enabled, HTTPS must be used for both internal and external access. As stated above, your CRM server has to bind to various URL. Therefore, you will need a wild card certificate, e.g. *.yourdomain.com

You will also need an encryption certificate to be used by ADFS to encrypt claims.

Demo System

In this guide, we use a demo system with the following settings:

  • Domain Name: qadomain.com
  • Security Token Service(STS) URL: sts.qadomain.com
  • External URL: deepnetcrm.qadomain.com
  • Internal URL: crm.qadomain.com
  • Internet Facing Deployment(IFD) URL: auth.qadomain.com
  • Discovery Service URL: dev.qadomain.com

 

Gliffy Diagram
nameURLs