The implementation of claims based authentication for both internal and external access to a CRM server requires the following URLs:
- Security Token Service(STS) URL, e.g. sts.yourdomain.com
- External URL,e.g. external.yourdomain.com
- Internal URL, e.g. internal.yourdomain.com
- Internet Facing Deployment(IFD) URL, e.g. auth.yourdomain.com
- Discovery Service URL, e.g. dev.yourdomain.com
The Security Token Service URL is the URL of your ADFS server, and the other URLs should all resolve to your CRM server.
Claims based authentication is enabled, HTTPS must be used for both internal and external access. As stated above, your CRM server has to bind to various URL. Therefore, you will need a wild card certificate, e.g. *.yourdomain.com
You will also need an encryption certificate to be used by ADFS to encrypt claims.
In this guide, we use a demo system with the following settings:
- Domain Name: qadomain.com
- Security Token Service(STS) URL: sts.qadomain.com
- External URL: deepnetcrm.qadomain.com
- Internal URL: crm.qadomain.com
- Internet Facing Deployment(IFD) URL: auth.qadomain.com
- Discovery Service URL: dev.qadomain.com