Forum Discussion
raZorTT
Cirrostratus
CirrostratusMicrosoft Dynamics 365 Portal SSO
Hi
Just wondering if anyone here has successfully setup SAML2.0 federation with Microsoft Dynamics 365 Portals?
This document doesn't specifically mention F5, but I dont' see why it wouldn't work.
https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/configure-saml2-settings
I have created the site settings similar to AzureAD and shibboleth
Authentication/SAML2/F5/AssertionConsumerServiceUrl - https://samltrialf5.microsoftcrmportals.com/signin-saml2
Authentication/SAML2/F5/AuthenticationType - https://sts.myidp.com.au/idp/portal
Authentication/SAML2/F5/Caption - MyIDP SSO
Authentication/SAML2/F5/MetadataAddress - https://sts.myidp.com.au/idp/f5
Authentication/SAML2/F5/ServiceProviderRealm - https://samltrialf5.microsoftcrmportals.com/
When I go to the portal site and click sign in, I can see an external account option of "MyIDP SSO". However when I click on the button I get a HTTP 500 error from Microsoft "We're sorry, but something went wrong"
The metadataAddress currently doesn't actually contain the federationMetadata file from the F5, so I plan on hosting that using an iFile and updating that site setting to see if that might be causing the issue.
I just wanted to see if anyone here had been successful in federating with D365 Portals?
Cheers,
Simon
raZorTTSo i've managed to get this working 🙂
To get more information about why portal was seeing an error I had to remove the custom error page. After that I got the .net yellow screen of death (YSOD) which lead me to a certificate error, and a validation error which required me to make the F5 metadata xml file available to download.
https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/view-portal-error-log
Just in case anyone else tries this, these are the values for the site settings
Authentication/SAML2/F5/AssertionConsumerServiceUrl - https://{yourportalURL}/signin-saml2 Authentication/SAML2/F5/AuthenticationType - The Local IdP Service EntityID on the F5 Authentication/SAML2/F5/Caption - A label that will be applied to a button on the signin page Authentication/SAML2/F5/MetadataAddress - The Local IdP Service metadata file in a downloadable location Authentication/SAML2/F5/ServiceProviderRealm - https://{yourportalURL}/Cheers, Simon